Windows Analysis Report
PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe

Overview

General Information

Sample name: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
Analysis ID: 1465956
MD5: fe67d87f3efefadb38a76aca77820504
SHA1: 08c9f9f3c9be5b3fb9fbe6dfc3b6875323c3a4ad
SHA256: b740d4c07f1bfd42085caf8c5df442634f5415bcaffe2050c52a0f3379a5f03f
Tags: exe, SnakeKeylogger

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7049924735:AAGvjcq8A7Onlbh1XDN_9YUW9tENxnyOWZ4/sendMessage?chat_id=5144477649"}
Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Author: Joe Security
Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Author: unknown, Strings:
      • 0x14789:$a1: get_encryptedPassword
      • 0x14a75:$a2: get_encryptedUsername
      • 0x14595:$a3: get_timePasswordChanged
      • 0x14690:$a4: get_passwordField
      • 0x1479f:$a5: set_encryptedPassword
      • 0x15d85:$a7: get_logins
      • 0x15ce8:$a10: KeyLoggerEventArgs
      • 0x15981:$a11: KeyLoggerEventArgsEventHandler
Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Author: ditekSHen, Strings:
      • 0x196ac:$x1: $%SMTPDV$
      • 0x18090:$x2: $#TheHashHere%&
      • 0x19654:$x3: %FTPDV$
      • 0x18030:$x4: $%TelegramDv$
      • 0x15981:$x5: KeyLoggerEventArgs
      • 0x15ce8:$x5: KeyLoggerEventArgs
      • 0x19678:$m2: Clipboard Logs ID
      • 0x198b6:$m2: Screenshot Logs ID
      • 0x199c6:$m2: keystroke Logs ID
      • 0x19ca0:$m3: SnakePW
      • 0x1988e:$m4: \SnakeKeylogger\
Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Author: Joe Security
Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Author: unknown, Strings:
            • 0x12b89:$a1: get_encryptedPassword
            • 0x12e75:$a2: get_encryptedUsername
            • 0x12995:$a3: get_timePasswordChanged
            • 0x12a90:$a4: get_passwordField
            • 0x12b9f:$a5: set_encryptedPassword
            • 0x14185:$a7: get_logins
            • 0x140e8:$a10: KeyLoggerEventArgs
            • 0x13d81:$a11: KeyLoggerEventArgsEventHandler
Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Author: Florian Roth, Strings:
            • 0x1a462:$a2: \Comodo\Dragon\User Data\Default\Login Data
            • 0x19694:$a3: \Google\Chrome\User Data\Default\Login Data
            • 0x19ac7:$a4: \Orbitum\User Data\Default\Login Data
            • 0x1ab06:$a5: \Kometa\User Data\Default\Login Data
Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Author: ditekSHen, Strings:
            • 0x13710:$s1: UnHook
            • 0x13717:$s2: SetHook
            • 0x1371f:$s3: CallNextHook
            • 0x1372c:$s4: _hook
            No Sigma rule has matched
            No Snort rule has matched

            AV Detection

            Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7049924735:AAGvjcq8A7Onlbh1XDN_9YUW9tENxnyOWZ4/sendMessage?chat_id=5144477649"}
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, ReversingLabs: Detection: 31%
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, Virustotal: Detection: 33%
            Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, Joe Sandbox ML: detected

            Location Tracking

            Source: unknown, DNS query: name: reallyfreegeoip.org
            Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49708 version: TLS 1.0
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1, Host: reallyfreegeoip.org, Connection: Keep-Alive
            Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1, Host: reallyfreegeoip.org
            Source: Joe Sandbox View, IP Address: 193.122.6.168
            Source: Joe Sandbox View, IP Address: 188.114.96.3
            Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
            Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: unknown, DNS query: name: checkip.dyndns.org
            Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org, Connection: Keep-Alive
            Source: global traffic, HTTP traffic detected: GET / HTTP/1.1, User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;), Host: checkip.dyndns.org
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic, DNS traffic detected: DNS query: checkip.dyndns.org
            Source: global traffic, DNS traffic detected: DNS query: reallyfreegeoip.org
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000369C000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036C3000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000370B000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000034E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.orgp
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.0000000003618000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000369C000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036C3000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000370B000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036D6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000034E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.0000000003646000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000369C000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036C3000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000370B000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33p
            Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723

            System Summary

            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6152, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6152, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6164, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6164, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeCode function: 0_2_00007FF848F2CC870_2_00007FF848F2CC87
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeStatic PE information: No import functions for PE file found
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2033995199.0000000002E80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameReactionDiffusion.dll0 vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034077493.0000000003421000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameReactionDiffusion.dll0 vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2036497072.000000001D8D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2035994867.000000001C070000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameAxiom.dll@ vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAxiom.dll@ vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034077493.00000000034BB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034077493.00000000034BB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameReactionDiffusion.dll0 vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefbXfjPLUOxpHounQOLpg.exeX vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeBinary or memory string: OriginalFilenameQcWJ.exe0 vs PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6152, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6152, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6164, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6164, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@2/2
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.logJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeMutant created: NULL
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeStatic file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.65%
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.0000000003816000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000037E7000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4459956677.0000000013578000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.0000000003822000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000037C9000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000037D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeReversingLabs: Detection: 31%
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeVirustotal: Detection: 33%
            Source: unknownProcess created: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe "C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe"
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess created: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe "C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe"
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess created: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe "C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe"Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeStatic PE information: Image base 0x140000000 > 0x60000000
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeCode function: 0_2_00007FF848F26F52 push ecx; retf 0_2_00007FF848F2785C
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeCode function: 0_2_00007FF848F2C688 push E9605589h; ret 0_2_00007FF848F2C68E
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeCode function: 0_2_00007FF848F200BD pushad ; iretd 0_2_00007FF848F200C1
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeCode function: 0_2_00007FF848F28339 push E9FFFFFFh; iretd 0_2_00007FF848F2833F
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeCode function: 3_2_00007FF848F000BD pushad ; iretd 3_2_00007FF848F000C1
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeCode function: 3_2_00007FF848F0C757 push ebp; retf 3_2_00007FF848F0C758
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeStatic PE information: section name: .text entropy: 7.985498538877946

            Hooking and other Techniques for Hiding and Protection

            Source: Possible double extension: xlsx.scr | Static PE information: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Memory allocated: CE0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Memory allocated: 1B420000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Memory allocated: F80000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Memory allocated: 1B4E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599860Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599736Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599583Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599468Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599360Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599250Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599141Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 599016Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598891Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598782Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598657Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598532Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598422Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598311Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598203Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 598093Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597984Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597873Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597766Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597656Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597547Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597438Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597328Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597199Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 597093Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596925Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596806Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596701Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596593Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596484Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596375Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596266Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596156Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 596045Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595937Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595828Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595719Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595594Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595485Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595360Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595235Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595110Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594985Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594860Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594735Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594610Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594485Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594347Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594219Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeWindow / User API: threadDelayed 7640Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeWindow / User API: threadDelayed 2197Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 1220Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep count: 33 > 30Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -30437127721620741s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599860s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 6500Thread sleep count: 7640 > 30Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 6500Thread sleep count: 2197 > 30Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599736s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599583s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599468s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599360s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599250s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599141s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -599016s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598891s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598782s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598657s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598532s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598422s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598311s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598203s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -598093s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597984s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597873s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597766s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597656s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597547s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597438s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597328s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597199s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -597093s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596925s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596806s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596701s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596593s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596484s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596375s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596266s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596156s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -596045s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595937s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595828s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595719s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595594s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595485s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595360s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595235s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -595110s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -594985s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -594860s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -594735s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -594610s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -594485s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -594347s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe TID: 3452Thread sleep time: -594219s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595937Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595828Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595719Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595594Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595485Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595360Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595235Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 595110Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594985Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594860Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594735Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594610Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594485Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594347Jump to behavior
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeThread delayed: delay time: 594219Jump to behavior
            Source: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4457393533.0000000000F29000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll==(]P
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Process token adjusted: Debug
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Memory written: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe base: 140000000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Thread register set: target process: 6164
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Process created: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe "C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe"
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Queries volume information: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe VolumeInformation
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Queries volume information: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe VolumeInformation
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.4458271781.0000000003732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.4458271781.00000000034E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6152, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6164, type: MEMORYSTR
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Remote Access Functionality

            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 3.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.140000000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.13711de8.6.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe.136f17a8.8.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.4458271781.0000000003732000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000003.00000002.4458271781.00000000034E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6152, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe PID: 6164, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 211 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 211 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 13 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Source | Detection | Scanner | Label | Link
            PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | 32% | ReversingLabs | Win64.Spyware.Snakekeylogger |
            PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | 34% | Virustotal | | Browse
            PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            reallyfreegeoip.org | 0% | Virustotal | | Browse
            checkip.dyndns.com | 0% | Virustotal | | Browse
            checkip.dyndns.org | 1% | Virustotal | | Browse
            Source | Detection | Scanner | Label | Link
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
            http://checkip.dyndns.orgp | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.org | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.org/ | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org/xml/8.46.123.33p | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org | 0% | Virustotal | | Browse
            http://checkip.dyndns.com | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.org | 1% | Virustotal | | Browse
            http://checkip.dyndns.org/ | 1% | Virustotal | | Browse
            http://checkip.dyndns.org/q | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org/xml/ | 0% | Virustotal | | Browse
            http://checkip.dyndns.com | 0% | Virustotal | | Browse
            http://checkip.dyndns.org/q | 0% | Virustotal | | Browse
            http://reallyfreegeoip.org | 0% | Virustotal | | Browse
            http://reallyfreegeoip.org | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org/xml/ | 0% | Avira URL Cloud | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown
            checkip.dyndns.com | 193.122.6.168 | true | false | | unknown
            checkip.dyndns.org | unknown | unknown | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            http://checkip.dyndns.org/ | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            https://reallyfreegeoip.org/xml/8.46.123.33 | false | Avira URL Cloud: safe | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://reallyfreegeoip.org | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.0000000003646000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000369C000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036C3000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000370B000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://checkip.dyndns.org | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://checkip.dyndns.orgp | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            https://reallyfreegeoip.org/xml/8.46.123.33p | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://checkip.dyndns.com | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000369C000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036C3000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000370B000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036D6000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000034E1000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://checkip.dyndns.org/q | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://reallyfreegeoip.org | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036AF000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.0000000003618000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000369C000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036C3000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000370B000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.000000000371E000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000036D6000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            https://reallyfreegeoip.org/xml/ | PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, 00000003.00000002.4458271781.00000000035F8000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            193.122.6.168 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false
            188.114.96.3 | reallyfreegeoip.org | European Union | | 13335 | CLOUDFLARENETUS | true
            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1465956
            Start date and time:2024-07-02 10:25:05 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 9s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:7
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Detection:MAL
            Classification:mal100.troj.spyw.evad.winEXE@3/1@2/2
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 72%
            • Number of executed functions: 107
            • Number of non-executed functions: 4
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Execution Graph export aborted for target PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, PID 6152 because it is empty
            • Execution Graph export aborted for target PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe, PID 6164 because it is empty
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            Time | Type | Description
            04:25:53 | API Interceptor | 12554885x Sleep call for process: PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe modified
            Bank Slip 2.docGet hashmaliciousSnake KeyloggerBrowse
            • 158.101.44.242
            MT_80362_72605XLS.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 158.101.44.242
            JgRVqrgNs4.exeGet hashmaliciousSnake KeyloggerBrowse
            • 158.101.44.242
            JgRVqrgNs4.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.6.168
            CLOUDFLARENETUSPUGPDU-64096.docxGet hashmaliciousHTMLPhisherBrowse
            • 104.17.25.14
            https://m.exactag.com/ai.aspx?tc=d9608989bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253ABOJ.jaick.co.ke/index.xml%23?email=YWxlYy5wZXRlcnNvbkB2b3NzbG9oLmNvbQ==Get hashmaliciousUnknownBrowse
            • 172.67.219.91
            whiteee.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            https://t.co/2dNESf0PrbGet hashmaliciousUnknownBrowse
            • 104.17.25.14
            3z5nZg91qJ.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
            • 172.67.74.152
            whiteee.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            call_Playback_ball.com.htmlGet hashmaliciousHTMLPhisherBrowse
            • 104.17.25.14
            QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
            • 188.114.97.3
            6RVmzn1DzL.exeGet hashmaliciousLummaCBrowse
            • 172.67.141.234
            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousGuLoaderBrowse
            • 172.67.74.152
            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            54328bd36c14bd82ddaa0c04b25ed9adwhiteee.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            whiteee.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            Details.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            PM114079-990528.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            MT_80362_72605XLS.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 188.114.96.3
            bJLd0SUHfj.exeGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            PGjIoaqfQY.exeGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            JgRVqrgNs4.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            x6221haMsm.exeGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            JgRVqrgNs4.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            No context
            Process:C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            File Type:CSV text
            Category:dropped
            Size (bytes):1510
            Entropy (8bit):5.380493107040482
            Encrypted:false
            SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNl+84xp3/VclT:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAA
            MD5:3C7E5782E6C100B90932CBDED08ADE42
            SHA1:D498EE0833BB8C85592FB3B1E482267362DB3F74
            SHA-256:361A6FF160343A2400F7D3FA4A009EA20C994B9788C190EB9D53E544BB376490
            SHA-512:3A90D61631F4DC920860AEA31FDB5E56A102206311705D5D084E809D364F680B4E95F19CE9849D3F9CB3C2C273393FD2F2C67720BAAA885125EE358D59462B0A
            Malicious:true
            Reputation:moderate, very likely benign file
            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
            File type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
            Entropy (8bit):7.978790410425317
            TrID:
            • Win64 Executable GUI Net Framework (217006/5) 49.65%
            • Win64 Executable GUI (202006/5) 46.21%
            • Win64 Executable (generic) (12005/4) 2.75%
            • Win16/32 Executable Delphi generic (2074/23) 0.47%
            • Generic Win/DOS Executable (2004/3) 0.46%
            File name:PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            File size:624'640 bytes
            MD5:fe67d87f3efefadb38a76aca77820504
            SHA1:08c9f9f3c9be5b3fb9fbe6dfc3b6875323c3a4ad
            SHA256:b740d4c07f1bfd42085caf8c5df442634f5415bcaffe2050c52a0f3379a5f03f
            SHA512:b19a43da549d0234b1aedc718eef6781d9f5fe7d06eb41fdb0a19b9d35c7627f660b9c956e2411fe94fe5d97ab7c273ef83ecc168c1ae1d28d683433e14414da
            SSDEEP:12288:xOaEg1tQwjJ3pOpHY2/KCnmJMh9NbMAs0Dmf5a93CjUlNqph:xpPtQwj7OhmJMh7b1siSKsU3y
            TLSH:46D423126E761B2FCDEF033F91972403E37987116223D7AA7DAC36755691B188B21783
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...xT.f.........."...0..|............... .....@..... ....................................@...@......@............... .....
            Icon Hash:00928e8e8686b000
            Entrypoint:0x140000000
            Entrypoint Section:
            Digitally signed:false
            Imagebase:0x140000000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Time Stamp:0x66835478 [Tue Jul 2 01:14:32 2024 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:4
            OS Version Minor:0
            File Version Major:4
            File Version Minor:0
            Subsystem Version Major:4
            Subsystem Version Minor:0
            Import Hash:
            Instruction
            dec ebp
            pop edx
            nop
            add byte ptr [ebx], al
            add byte ptr [eax], al
            add byte ptr [eax+eax], al
            add byte ptr [eax], al
            Name | Virtual Address | Virtual Size | Is in Section
            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9a000 | 0x5b8 | .rsrc
            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
            Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
            .text | 0x2000 | 0x97bb4 | 0x97c00 | e497f6ad873344eeead4be2c33c34524 | False | 0.9781986846169687 | data | 7.985498538877946 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            .rsrc | 0x9a000 | 0x5b8 | 0x800 | 027422f384360e5f35763743d1f13582 | False | 0.31689453125 | data | 3.3385960468300335 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
            Name | RVA | Size | Type | Language | Country | ZLIB Complexity
            RT_VERSION | 0x9a090 | 0x328 | data | | | 0.41707920792079206
            RT_MANIFEST | 0x9a3c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Jul 2, 2024 10:25:56.188071966 CEST | 63334 | 53 | 192.168.2.5 | 1.1.1.1
            Jul 2, 2024 10:25:56.195108891 CEST | 53 | 63334 | 1.1.1.1 | 192.168.2.5
            Jul 2, 2024 10:25:57.845721006 CEST | 62270 | 53 | 192.168.2.5 | 1.1.1.1
            Jul 2, 2024 10:25:57.854597092 CEST | 53 | 62270 | 1.1.1.1 | 192.168.2.5
            Jul 2, 2024 10:26:16.470052004 CEST | 53 | 55468 | 1.1.1.1 | 192.168.2.5
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Jul 2, 2024 10:25:56.188071966 CEST | 192.168.2.5 | 1.1.1.1 | 0x880f | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
            Jul 2, 2024 10:25:57.845721006 CEST | 192.168.2.5 | 1.1.1.1 | 0x776 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Jul 2, 2024 10:25:56.195108891 CEST | 1.1.1.1 | 192.168.2.5 | 0x880f | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
            Jul 2, 2024 10:25:56.195108891 CEST | 1.1.1.1 | 192.168.2.5 | 0x880f | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
            Jul 2, 2024 10:25:56.195108891 CEST | 1.1.1.1 | 192.168.2.5 | 0x880f | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
            Jul 2, 2024 10:25:56.195108891 CEST | 1.1.1.1 | 192.168.2.5 | 0x880f | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
            Jul 2, 2024 10:25:56.195108891 CEST | 1.1.1.1 | 192.168.2.5 | 0x880f | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
            Jul 2, 2024 10:25:56.195108891 CEST | 1.1.1.1 | 192.168.2.5 | 0x880f | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
            Jul 2, 2024 10:25:57.854597092 CEST | 1.1.1.1 | 192.168.2.5 | 0x776 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
            Jul 2, 2024 10:25:57.854597092 CEST | 1.1.1.1 | 192.168.2.5 | 0x776 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
            • reallyfreegeoip.org
            • checkip.dyndns.org
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.5 | 49707 | 193.122.6.168 | 80 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 2, 2024 10:25:56.213928938 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 2, 2024 10:25:57.616282940 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:25:57 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: a2060b70840a9c13c4d7eff665a67d71
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 2, 2024 10:25:57.622555971 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 2, 2024 10:25:57.813772917 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:25:57 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: edb65433370288650eaba63f7fcc404b
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 2, 2024 10:25:58.543833017 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 2, 2024 10:25:59.735069990 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:25:59 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: eb4721e47ecc35e03140d63954a6300c
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.5 | 49712 | 193.122.6.168 | 80 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 2, 2024 10:26:00.385585070 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 2, 2024 10:26:01.025527000 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:00 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: b984db3c52a300c73df809165427783c
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.5 | 49714 | 193.122.6.168 | 80 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 2, 2024 10:26:01.667313099 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 2, 2024 10:26:02.314662933 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:02 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 127e98455db74b1c3cc53505dff1a6bb
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.5 | 49716 | 193.122.6.168 | 80 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 2, 2024 10:26:02.982892036 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 2, 2024 10:26:05.285706043 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:05 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 1e79c4c85f8fbed541c5c279e9a1ff01
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.5 | 49718 | 193.122.6.168 | 80 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 2, 2024 10:26:05.944073915 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 2, 2024 10:26:06.624840021 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:06 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: cb642c548740575a30e70123c786cbd0
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.5 | 49720 | 193.122.6.168 | 80 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 2, 2024 10:26:07.271765947 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 2, 2024 10:26:07.917072058 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:07 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: e8a7341be2c80f75dbe1d827761467bb
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.5 | 49722 | 193.122.6.168 | 80 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            Jul 2, 2024 10:26:08.575000048 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 2, 2024 10:26:10.220266104 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:10 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: af8811f7272338cb69a6779de92ce9d9
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:25:58 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-02 08:25:58 UTC | 720 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:25:58 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25087
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDmUMuSEk8QPKT3%2BmTlPppRh8vm5tmlKRaL%2FP7D%2BL4fsedrV0dwg%2BYUbcGahNBboKHijH9xW3nSRBOiqfmTgWMSEY9c2%2FIETihezTwYZ9LzLsgk9v%2B4YfeU%2FZ4RTUZAtdaA%2F6i%2FQ"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3f8c6826c411-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:25:58 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:25:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:26:00 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-02 08:26:00 UTC | 704 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:00 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25089
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Am7GfTcbKRk8MdWd57JL9uqjDrnbhKEzDCq6mH%2FF4t71ZANeRHuDclgz8fapoNAmsWpT30diP38rqto9Z0ICWEFzVoMIvUsXfB1U1FP5IKpCsvt5qs2x7%2BL6eVARhUmWPFLcaBeB"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3f97eb754319-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:26:00 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:26:00 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.5 | 49713 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:26:01 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-02 08:26:01 UTC | 710 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:01 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25090
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rWMydgZCX7xXaZg2f17X%2FU2UwW%2FclY1LlsIG5HEQzNSMa7yKE9TiXEwO129Cs2FkQngMR63BoEBebaCjc%2FLnDrzFGQeUFLNCErwSmG6%2Fwf7p6b6hsFGerOlCWZMAhpOdWR%2FRoBjy"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3f9fec510f43-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:26:01 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:26:01 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:26:02 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-02 08:26:02 UTC | 708 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:02 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25091
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJ3GL2xmIvk%2FKyfvAoxHWQcDsfOs7w7hCRGvZDJdm9W02A7FE%2FjsrPqQpoMsiLq06PlMSRfWZKyii1iFxPtavkuFECH9PxJXnL%2BJA2eJtE3jt8u2VEONP8X0GvmmNuc1R%2FH6yMNH"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3fa80deb434c-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:26:02 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:26:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.5 | 49717 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:26:05 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-02 08:26:05 UTC | 708 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:05 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25094
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FAuY8z2xQXjEP%2FXmOIW%2FSOKvItFRv1%2B7DARTscgIVlH2vq0CSvbIBZcqe8sDyxwOJsmeOkfNzDqDQJJ9OWcCrBz4PCY40%2BsMtVulhEtlShkuHSkBMa6D4i14kZdMVhoQPWwfJXtQ"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3fba9816558f-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:26:05 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:26:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.5 | 49719 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:26:07 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-02 08:26:07 UTC | 706 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:07 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25096
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJ721Rde2%2Fe4z9eneaz0WrT16xmxa%2FZDA0hKyC3stj5EJmzYo9xenpXLRKThX8IjrPlE9M5Q45c7thKT9OfULE%2FbqZUbq1GmPznJhZx2vCoN57Uh8KFYlPYuK6P8wJ3XuJqDNIWu"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3fc2fa21437e-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:26:07 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:26:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.5 | 49721 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:26:08 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-02 08:26:08 UTC | 706 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:08 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25097
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QgscBU1Pyr6foZ3vZjZXIWOO%2B5dvNfg7%2B7ESTmJ00BNOJmuMpFgcyqCJIylHOLV0LAth2fUUnAOysyKMHeLW4octIrYtYswc3HLm6OorydGraa%2Bn6yo5DB8YoQ8SqH0vapUSkMX2"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3fcb1af88cbd-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:26:08 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:26:08 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            7 | 192.168.2.5 | 49723 | 188.114.96.3 | 443 | 6164 | C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-07-02 08:26:10 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-02 08:26:10 UTC | 702 | IN | HTTP/1.1 200 OK
            Date: Tue, 02 Jul 2024 08:26:10 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 25099
            Last-Modified: Tue, 02 Jul 2024 01:27:51 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w2XMNONLrfiJu3e1gQHgfmW8F7V34XocwOlwJTxSqUF1w4uESai4eJmMKwm2PsYTjfWHimY0W0vn6xhBDFm6T3r9PRX%2BFmRqrIuMVMRLMdkyCQ95L4RqDGZkcHYo2ULrEfksOE6d"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89cd3fd988c10ca8-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-02 08:26:10 UTC | 340 | IN
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-02 08:26:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
            Data Ascii: 0



            Target ID:0
            Start time:04:25:51
            Start date:02/07/2024
            Path:C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe"
            Imagebase:0x320000
            File size:624'640 bytes
            MD5 hash:FE67D87F3EFEFADB38A76ACA77820504
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2034806022.0000000013431000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2034806022.0000000013625000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
            Reputation:low
            Has exited:true

            Target ID:3
            Start time:04:25:54
            Start date:02/07/2024
            Path:C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exe"
            Imagebase:0x5b0000
            File size:624'640 bytes
            MD5 hash:FE67D87F3EFEFADB38A76ACA77820504
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.4460823497.0000000140002000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4458271781.0000000003732000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4458271781.00000000034E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:false

              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              • Instruction Fuzzy Hash: 6701A23180DA8E8FD786EF3898552EA7BA0FF59741F0401BAE409C31D2DB2D5996C785
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 753d47af483596b422abef8acabb8142719e78e48b5c099f869bfced368f4d5b
              • Instruction ID: d8095170f2c406e103707beca7295da335f837423a3b0d1a47b95c54a7773720
              • Opcode Fuzzy Hash: 753d47af483596b422abef8acabb8142719e78e48b5c099f869bfced368f4d5b
              • Instruction Fuzzy Hash: 01F0E913D0E99A5EE599733C38962F52A90DF51150F0411FBD44DCF0E3DE0D28414286
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6c0dfb3a9fc872fdc316c59374e36ebcc12e7f3ec7e199bd69d89dbbfbe55f8b
              • Instruction ID: 54c7c58d19ec424aad18aa760371a0cca923bbef969748064b53144494f5b021
              • Opcode Fuzzy Hash: 6c0dfb3a9fc872fdc316c59374e36ebcc12e7f3ec7e199bd69d89dbbfbe55f8b
              • Instruction Fuzzy Hash: 16018131A19A8D8FEF95EF18E440AE833A5FF58380F0041B6E80DC7282DB35E944CB50
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7379bff1e17e0a4a7c0b83101421e454a37de09948d6980248296b459f371495
              • Instruction ID: 9a59070249e84426260d0ecd006d40a9573641fa96705a6650bc193d506ac29d
              • Opcode Fuzzy Hash: 7379bff1e17e0a4a7c0b83101421e454a37de09948d6980248296b459f371495
              • Instruction Fuzzy Hash: A501F57090891C8FCFE8EF58C894BACB7B1FB69301F508199800EE7251DB71A985DF00
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0d5833e94811c0234a24bc2b340b777514573cbce8ad9269e704e8638e6013e2
              • Instruction ID: f90ac2d9161c9d8d02546ee489a089f3c3a9d13b2da2edddab0d85787deb84f0
              • Opcode Fuzzy Hash: 0d5833e94811c0234a24bc2b340b777514573cbce8ad9269e704e8638e6013e2
              • Instruction Fuzzy Hash: 40F06D30D2D65EDFEBA8EF1894147AA76A1FB84300F00017DD809D32C1CF396944CB55
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2bed51f8025ecf845e58aaa597955227529a727241c7579d17d8ef7ee3866fe9
              • Instruction ID: 84a8345376c4bc2548e87c5da26d8ab978f09c8f2c9f1c2e3f32d8a8cb11f45e
              • Opcode Fuzzy Hash: 2bed51f8025ecf845e58aaa597955227529a727241c7579d17d8ef7ee3866fe9
              • Instruction Fuzzy Hash: 97F0543080994E9FDB95FF1898052FA7690FF54341F040179E40CC31D5DB386A94C795
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aa4934e6aa31bbaf0ba1703fa86e9358a00486674b60051978b273037049a882
              • Instruction ID: ae04efbc079c3d93e14ff01e2b32d5be3acf943f34982d1d882cf34217e697f7
              • Opcode Fuzzy Hash: aa4934e6aa31bbaf0ba1703fa86e9358a00486674b60051978b273037049a882
              • Instruction Fuzzy Hash: B2F0F47090896D8FCFE4EF18C894BA9B7B1EB69301F1085D9800EE7251DE71A9C5CF40
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a9f12da295a455b6ff0e39a722ef086cda30871357ed07ceacfb469a74768cc
              • Instruction ID: f78351859cfbe6754e5cfbca761cfaacbd481587541ce56869d57ebf30b17e01
              • Opcode Fuzzy Hash: 6a9f12da295a455b6ff0e39a722ef086cda30871357ed07ceacfb469a74768cc
              • Instruction Fuzzy Hash: FCE0D833D0EE954FD3A5B73C286A1A53EA0EB49640B1500DBC448CB1D3D6055D0883C6
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 369c31aa6efd46d3a67949f9c519eac3aaa6dcfcbcf86ff75d76a18088f98eab
              • Instruction ID: 8430923765fb7e567160b30f69af57aadbe2da0f0fbda8329cc65870cd8a511b
              • Opcode Fuzzy Hash: 369c31aa6efd46d3a67949f9c519eac3aaa6dcfcbcf86ff75d76a18088f98eab
              • Instruction Fuzzy Hash: 45E0E53284E2C88FD716AB20AC515A5BFA0AF46240F5942E7E08C8A0E3D6595A188392
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: df9ecf44d9265bdf37621bbe94bbe88c95e6fb9360d043d5bea720aa88be0333
              • Instruction ID: 612ba8a5ae2827befb5c29692878a1a5c9cfad7cad2d9d07cf3370417831e54e
              • Opcode Fuzzy Hash: df9ecf44d9265bdf37621bbe94bbe88c95e6fb9360d043d5bea720aa88be0333
              • Instruction Fuzzy Hash: B5F0177090828D8FDB64EF08D890BE83BA1FF58380F20812ED84DCB391DB34A544DB44
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a3289c10e1be276f6d1730567b6eb2ebdc4547dcdfb0ec7ceb76663e3a9b9830
              • Instruction ID: edf47ff51fb3a046f1e0dd28fb055aeb0a7850764884e7ca137ec5aac76ca9e8
              • Opcode Fuzzy Hash: a3289c10e1be276f6d1730567b6eb2ebdc4547dcdfb0ec7ceb76663e3a9b9830
              • Instruction Fuzzy Hash: 64E08C31D0984E8EE7B4EF28A8057F83381EB46350F10023A840EC22C3CF3424464711
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8185869d004e5ba354cb1d9765bfb0335b3499518fc9104ea36d1f81e2cfc51a
              • Instruction ID: a3277063b5b0ede909765c3aa9f5621967a7b885b499fbb77067ea62bff4ceb6
              • Opcode Fuzzy Hash: 8185869d004e5ba354cb1d9765bfb0335b3499518fc9104ea36d1f81e2cfc51a
              • Instruction Fuzzy Hash: 4FE046B090E58DAECBB0DB28885ABF83B91EF52240F0042BEC40D8A697DE38154B8700
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 966f266c13adf785f3f401623f648054fd2a5d7c5485b61525b3627a33ddffa8
              • Instruction ID: 210d1527bf203a650bdcb22d3808e101716d383b994e3c3db87fbbe52f97c97e
              • Opcode Fuzzy Hash: 966f266c13adf785f3f401623f648054fd2a5d7c5485b61525b3627a33ddffa8
              • Instruction Fuzzy Hash: 6DD0A933D298C61BE984B768A0432FA22A0FB50380F000038C80F831C2CE1CB8854608
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 124f17ba225cd0025273a98f1c69b39149c2d1957821f3f35f4482a6e365f101
              • Instruction ID: ac222b100f51ac3050b46c5af5cb47ae095c98206c86191089a0a66d0dc798a9
              • Opcode Fuzzy Hash: 124f17ba225cd0025273a98f1c69b39149c2d1957821f3f35f4482a6e365f101
              • Instruction Fuzzy Hash: 3CC09B2278D51D0ED694AA5D7C411A4B340D745171B4015B7D909C564AD95B48414781
              Memory Dump Source
              • Source File: 00000000.00000002.2037134178.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff848f20000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 947bbc08eda65120d4494cae859f6571e00bddc196d657d73212172a18321100
              • Instruction ID: 07e798fcc12e59a805d47fbf07bd8f5ac6b1bd2c1753f896262b83621764ba67
              • Opcode Fuzzy Hash: 947bbc08eda65120d4494cae859f6571e00bddc196d657d73212172a18321100
              • Instruction Fuzzy Hash: C4C012B0D0C62A9EEFA4FB18A4007B9B6B0AF04380F1000B9C00DD22D0EF3629808B06
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              • Opcode Fuzzy Hash: 81bc13d6b615a50091c928145feef049d1b35a798b2be58d6483a8887f4a73e1
              • Instruction Fuzzy Hash: A2B11F70D08A5D8FDB94EF58C855BA8B7F1FF69304F1041AAD00DE7292DB34A985CB15
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e329dee796f1da279d7cf8e058419a79396f27ed86c06b59975c9035cc404cf
              • Instruction ID: 88ccdc917421869272b4b2cf8c7a1876c70d0607fe356d9e10d148f565c9315d
              • Opcode Fuzzy Hash: 6e329dee796f1da279d7cf8e058419a79396f27ed86c06b59975c9035cc404cf
              • Instruction Fuzzy Hash: 61B12E70D08A5D8FDB95EB68C854BACBBF1FF69301F1041AAD00DE7292DB74A985CB11
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56869b3d8e86b9db34afb266c2f22b690ffd0c6805d185c9045295fb00807a2c
              • Instruction ID: 180509351e841e11fd17718884e85d931e91a8dc9e1c0e59ed7f41f36a7d5892
              • Opcode Fuzzy Hash: 56869b3d8e86b9db34afb266c2f22b690ffd0c6805d185c9045295fb00807a2c
              • Instruction Fuzzy Hash: A7B13F70D08A5D8FDB95EF68C854BA8BBF1FF69304F1041AAD00DE7292DB35A985CB01
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a4091834b4424ffff2619b3095260c0a3b32ac8f5f6b088d657023d28beb9ccb
              • Instruction ID: c3ff59a63b1a42c3af934dd7cb4c28f13757dddd7c13c7f7d2a685084d27e555
              • Opcode Fuzzy Hash: a4091834b4424ffff2619b3095260c0a3b32ac8f5f6b088d657023d28beb9ccb
              • Instruction Fuzzy Hash: FFB11C70D0CA5D8FDB95EB68C854BA8BBF1FF69304F1441AAD00DE7292DB34A985CB05
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e6d71082707f66438b21ec230c5b6eacd36613885f794d3cbc278870efbed90
              • Instruction ID: c4e363cc6fef22f47dca617e755f6066cc8acdf1ff99991637f27c17cc22cf30
              • Opcode Fuzzy Hash: 6e6d71082707f66438b21ec230c5b6eacd36613885f794d3cbc278870efbed90
              • Instruction Fuzzy Hash: 0EA11C70D08A5D8FDB94EB58C895BACBBF1FF69301F5040AAD00DE7292DB74A985CB11
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1a5e0bd7d8257705303e08affdf10bc2b8611c723b649afde0ebb7f48a688ca1
              • Instruction ID: 49c80c68b912719949b940874e37664d616405b5d06a17b88ecf9f1ab70709af
              • Opcode Fuzzy Hash: 1a5e0bd7d8257705303e08affdf10bc2b8611c723b649afde0ebb7f48a688ca1
              • Instruction Fuzzy Hash: 5DA14D70D0CA5D8FDB95EB68C854BA8BBF1FF69305F1441AAD00DE3292DB34A984CB01
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 273fc9f563bf4069a298f43a966951ec5f6f904a87777d079e42225724035601
              • Instruction ID: 3123a0e5dcc4dc18eec4561d59d4d61f77b2d7a1241be29e1b3cb9f50303940d
              • Opcode Fuzzy Hash: 273fc9f563bf4069a298f43a966951ec5f6f904a87777d079e42225724035601
              • Instruction Fuzzy Hash: 77912970E1CA1D8FDB98EB58D895BA9B7F1FF59301F1040AAD00DE3292DB34A880CB15
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 955ec3d17c668418efe77a5dc799d68e8682eef77c9db8fd391982dcad4840d5
              • Instruction ID: 3734ebaebe80b5ec8f529ed799b6252690144ab277d19e86771858ffeeaeef81
              • Opcode Fuzzy Hash: 955ec3d17c668418efe77a5dc799d68e8682eef77c9db8fd391982dcad4840d5
              • Instruction Fuzzy Hash: F2910970E1CA1D8FDB98EB58C895BA9BBF1FF59341F1040AAD00DE3291DB35A984CB15
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2724549d0fe20dc97fe88f89e31e008864251be3939fd95c75bff6e6892c8ff0
              • Instruction ID: ab9b417dfb59d14364d2103d0ec91d6309a144b1e3223ca2f9b64c9fdd54c501
              • Opcode Fuzzy Hash: 2724549d0fe20dc97fe88f89e31e008864251be3939fd95c75bff6e6892c8ff0
              • Instruction Fuzzy Hash: 5A81D970D08A5C9FDB94EF68C855BA8BBF1FF5A301F0441AAD00DE7292DB74A885CB41
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fc6bf70e1c940182e1611984097c36b35493f670496b935735b9cb546b4b66df
              • Instruction ID: ba5adb8b2467ce79a7642c72c085cf36f67d77fce108d7e05488e3a5030e3afb
              • Opcode Fuzzy Hash: fc6bf70e1c940182e1611984097c36b35493f670496b935735b9cb546b4b66df
              • Instruction Fuzzy Hash: B3918B70C1D61E8FEB6AEB14C855AE9B7B0FF16340F1002B9D41DA71D1EB346A89CB94
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7694bba9d8971b11ee70c5d0ed7e249bdcdad707b6b81a2492c570a10c7a7dea
              • Instruction ID: c7a115775a4c4946e88dfc2a5e8448161827869a14bf523e83a1105f516397b8
              • Opcode Fuzzy Hash: 7694bba9d8971b11ee70c5d0ed7e249bdcdad707b6b81a2492c570a10c7a7dea
              • Instruction Fuzzy Hash: A5815530D1961D8FEB94EBA8C855BE9BBB1FF49344F5041B9D00DE7282DB38A984CB41
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c664a41767a9a4437ac6f62c73e66159567cf076d5ef1671d5b03c9807a9e92f
              • Instruction ID: d8282079d7bc4e6587864d41edf68407441f47a7367637afc866855b8a763dc5
              • Opcode Fuzzy Hash: c664a41767a9a4437ac6f62c73e66159567cf076d5ef1671d5b03c9807a9e92f
              • Instruction Fuzzy Hash: 7B71A570A0891C9FDF94EF68D895BACB7F1FB69301F1001A9E00DE7251DB74A881CB40
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 395e641aabe5793c25a58a173ea27517e21181a6ae0c90a8313c6c9322fdaa36
              • Instruction ID: 32b8e39359bb02703d387cb4e66350221565a36818e983e800d827582385ebd9
              • Opcode Fuzzy Hash: 395e641aabe5793c25a58a173ea27517e21181a6ae0c90a8313c6c9322fdaa36
              • Instruction Fuzzy Hash: 7D619770A19A1C9FDF95EF68C495AADB7F1FF59305F5001A9D00DE7251DB35A881CB00
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 373cb1508e3779dd2bc3e9167ec1caef43bf45983898caedd1c2a694dad769b8
              • Instruction ID: 9a067afe8f80b360bfc6130879b63d31516fb10e777c4dc2431deaa26fa53e75
              • Opcode Fuzzy Hash: 373cb1508e3779dd2bc3e9167ec1caef43bf45983898caedd1c2a694dad769b8
              • Instruction Fuzzy Hash: 5B312A3291D58D8FE745F768A8555F87BB0FF86258F0401B6C448E71E3EF2818068769
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e54ff20ca16ae032de15e9b920aad195f43fb1cc84b92ddc5d7b6b670621f524
              • Instruction ID: 6f01f9ecbf7beec5c230fd7f210d4fa9ee4215fd9ff96ded26a8e3bea48ec733
              • Opcode Fuzzy Hash: e54ff20ca16ae032de15e9b920aad195f43fb1cc84b92ddc5d7b6b670621f524
              • Instruction Fuzzy Hash: AD31D431E1E58E8EE781B72898556F87BB0FFC6259F0401B5D449E71E3EF2C18068765
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4a83ef2bea6eb04ddfcbab13ecd3edcc91365ee66562fa18a4939008915e38ad
              • Instruction ID: 6d2d88e1cd103b4ca77c38bc53ccc6799f912c5fc07b4f5f52043ae88b8b6277
              • Opcode Fuzzy Hash: 4a83ef2bea6eb04ddfcbab13ecd3edcc91365ee66562fa18a4939008915e38ad
              • Instruction Fuzzy Hash: 0131B332E1E58E8EE781B728D8566F97BB0FF86259F0400B5D449E71D3EF2C18068B65
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: dbf71e73ed57027ac18fc990bea6211c3d138e7affd7b307000a298b2003c9c8
              • Instruction ID: 23e3434fcf36ae228b14bdb224c5f72f29cbadf826bb6b7401cf8e33b2fea3c7
              • Opcode Fuzzy Hash: dbf71e73ed57027ac18fc990bea6211c3d138e7affd7b307000a298b2003c9c8
              • Instruction Fuzzy Hash: B131B030D1964A8FE785EB6888653EEBBB1FF49350F4001B5D008E72C2EF3C694587A5
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 45a01e1bbc922b187089804154f3eab78d32000b60f6f46adde2702f6b653e1f
              • Instruction ID: b914a30f371ea6b931d3239c92c7fab278560f4ba4a22c0d5ab38b478e6c7c0c
              • Opcode Fuzzy Hash: 45a01e1bbc922b187089804154f3eab78d32000b60f6f46adde2702f6b653e1f
              • Instruction Fuzzy Hash: F731C231E1E58A8EE781B728D8556F87BB0FF86255F0400B5D449E71D3EF2C18068B65
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 912c52f40241e709fb7caa12f1588a702ab5876b35e0d42ee79bb46773cb91bc
              • Instruction ID: 20b621970186923822a09e9063af2db88b19451f3f281ca6245d1fe58dab9a9d
              • Opcode Fuzzy Hash: 912c52f40241e709fb7caa12f1588a702ab5876b35e0d42ee79bb46773cb91bc
              • Instruction Fuzzy Hash: 7F21B131E1E58A8EE785B728D8552F87BB1FF86245F0400B5D449E71D2EF2C18468755
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b3f9c0dab6fe4f132fe11d5d10759a2c98671b3ad174a658c4f78ac2c20472d2
              • Instruction ID: 74d39fce420fed6dd070f00c0d0e6e7746f73c2fa81593a8b59c6b9bbe28a9f9
              • Opcode Fuzzy Hash: b3f9c0dab6fe4f132fe11d5d10759a2c98671b3ad174a658c4f78ac2c20472d2
              • Instruction Fuzzy Hash: 9A21B131D1E58A8FEB81B72898556F8BBB1FF86345F0400B5D449E32D3EF2C18468765
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b55d44345d113909dc8298864c40eed8e9feb672809bf1f38a7d60a2f3330a5
              • Instruction ID: 5ca200f7c4b6d3a5e89fb29fcc84e51a4da5bbdfbf2ab0008d24e138bc988faa
              • Opcode Fuzzy Hash: 2b55d44345d113909dc8298864c40eed8e9feb672809bf1f38a7d60a2f3330a5
              • Instruction Fuzzy Hash: C321F870D19A4C9FDB41EFA8C859AECBBF1FF59312F040566D008E3292DB38A491CB41
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b27b4c446eea66bfe8a58b6b4a4eff85c5bb12b74516edd0c6595983a8f3ebaf
              • Instruction ID: 2ba8e01d0de81a921345d7b2b50416bf9faa505e0cd085f9c44c857abf23d525
              • Opcode Fuzzy Hash: b27b4c446eea66bfe8a58b6b4a4eff85c5bb12b74516edd0c6595983a8f3ebaf
              • Instruction Fuzzy Hash: 90215C34E0950A8FEB48EF94C050AFDB2A1FF59351F609039D80EA71C6EF38A850CB64
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e054f43a17a363c32e351bb12285edccfafc966f41ef4afdc2259c617b6ea69d
              • Instruction ID: 07af0d10c0bb03ec7aed506c5e584195a9fb550d58fe72cc5d8d39cf007c1a93
              • Opcode Fuzzy Hash: e054f43a17a363c32e351bb12285edccfafc966f41ef4afdc2259c617b6ea69d
              • Instruction Fuzzy Hash: D2211630C2861E8FEB55EF54C844BEEB7B1FF45344F4041A9D009A3295EB386A86CF90
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f0d25fc581c2f983e5dc3db03a46ecc5c399d31a9989821a2bf3d23fb7edf535
              • Instruction ID: 92f06bb03687bc8b5a1fd7d283b481b6b0280c568cafaea1428c7cdfc28cc215
              • Opcode Fuzzy Hash: f0d25fc581c2f983e5dc3db03a46ecc5c399d31a9989821a2bf3d23fb7edf535
              • Instruction Fuzzy Hash: 58010030D2861A8FDB96EF58C845BEDB7B5FF49344F500178D409A31D5DB346A468B44
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cddff80c770c88cf6b7d022612f99a7c1cdeac1b92069ed78bf7e6be64a19eb0
              • Instruction ID: cc2b465f6aa0821158987337d966f7a1504caeba55cfa7fafbf707c10ab58f69
              • Opcode Fuzzy Hash: cddff80c770c88cf6b7d022612f99a7c1cdeac1b92069ed78bf7e6be64a19eb0
              • Instruction Fuzzy Hash: 16F0B870C4E7888EEB11AB6089192F8BBB0EF17200F0614A6D408EA092EB6895648719
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b25ecad0cb8e9a80231f514e59b95677eef876051fbd61146035f7040c75d26
              • Instruction ID: 2d8b22531d20560e54b05136e5d3dc9aab8a729190101ddf65a94a13e72259b6
              • Opcode Fuzzy Hash: 7b25ecad0cb8e9a80231f514e59b95677eef876051fbd61146035f7040c75d26
              • Instruction Fuzzy Hash: E201EC70C186198FDB9AEF48C854BDDB7B5FF49304F5041A9D40993294DB346A85CF54
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8ad90733ac866c6bdb0c3956962272468978ada3cb6d6afe27bd131d484271a5
              • Instruction ID: f9616791ee31dfd54013404e06c8ac4c10aaf2fb9df2d41990df6be00488ae29
              • Opcode Fuzzy Hash: 8ad90733ac866c6bdb0c3956962272468978ada3cb6d6afe27bd131d484271a5
              • Instruction Fuzzy Hash: C2F0EC70C2861A8FEB9AEB54C845BEDB7B1FF45744F5001A8D41993290DB346986CB54
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72bdd3a8be4972df6d2eea7f37f693f5ee6aa2b6ecc95111a8348777e8557cab
              • Instruction ID: 439676dc82936e5396a1ee35e394c7ede8afdee6d4253a27ffc34a8e8c176a2f
              • Opcode Fuzzy Hash: 72bdd3a8be4972df6d2eea7f37f693f5ee6aa2b6ecc95111a8348777e8557cab
              • Instruction Fuzzy Hash: BFF01D71D0C61A8FE758FB24C8546E872B0EF52350F0402BD901EA72E1EB342A8ACA54
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f35842a5448489997ec39835df8faab2457e9c2a9b4bf574e359908d41ad8bb8
              • Instruction ID: 514a6b08d4f246402f01aa353ba2d2ee3e135fe19cab6924839473a9fe1ff914
              • Opcode Fuzzy Hash: f35842a5448489997ec39835df8faab2457e9c2a9b4bf574e359908d41ad8bb8
              • Instruction Fuzzy Hash: 5CE0C071D0852A8FE758EB24C8956E972B0EB51340F0042FA941ED61D1EE342A86CE54
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 933b9ae0b467f1b211eb6cd11de115aaab2c43ed7c984fbaca8e5b45930785fa
              • Instruction ID: 6328e9fd4fdb8a5e31d16f220878c1e9e0d5e4f2fe6c4eba9c13d97d67b01f8d
              • Opcode Fuzzy Hash: 933b9ae0b467f1b211eb6cd11de115aaab2c43ed7c984fbaca8e5b45930785fa
              • Instruction Fuzzy Hash: 0542E470D1962C8FDBA8EB54C894BB9B7B1FF59341F5041A9D00EA3291DB39AA81CF14
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 033381f93e0db1ae9e1a6bb9d5a4c7fddf6c8bc32124a7ba274b85eabb5557fc
              • Instruction ID: 3bdabc5557097691553c5346d898b748ad8c01814734f5c9ff7f04f59f007ce5
              • Opcode Fuzzy Hash: 033381f93e0db1ae9e1a6bb9d5a4c7fddf6c8bc32124a7ba274b85eabb5557fc
              • Instruction Fuzzy Hash: 49E1E430E19A198FDB94EB68C895BADB7F1FF59301F5041A9D00DE3292DB38A985CF50
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b47afb9a22be6d894c4e834c7d6b6dcfd77dc366e0893719f24418d0d15129c6
              • Instruction ID: 059f7d397f6b8576236fef0bedebc8f85658ab9dce08051219cdc675ab341991
              • Opcode Fuzzy Hash: b47afb9a22be6d894c4e834c7d6b6dcfd77dc366e0893719f24418d0d15129c6
              • Instruction Fuzzy Hash: 91E1F230E19A198FDB94EB68C895BADB7F1FF59301F5041A9D00DE3292DB38A985CF50
              Memory Dump Source
              • Source File: 00000003.00000002.4461249886.00007FF848F00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F00000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_3_2_7ff848f00000_PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9db83eb29fdbecd1abccb63cac5d598807075dda0284e3ec0bff4ae918ac4688
              • Instruction ID: c82088bf00903cbbc81ccacb3c082e6a30b843c6a0e07aaba4f34cdf8946fe06
              • Opcode Fuzzy Hash: 9db83eb29fdbecd1abccb63cac5d598807075dda0284e3ec0bff4ae918ac4688
              • Instruction Fuzzy Hash: 34E1D530D19A1D8FDB94EB68C895BADB7F1FB59301F5041A9D00DE3292DB38A985CF50