Windows Analysis Report
SOA Payment for June 30th.exe

Overview

General Information

Sample name: SOA Payment for June 30th.exe
Analysis ID: 1467838
MD5: 63128eeca6e0dabeddfd68c0517d4c91
SHA1: eb43eb41464d255d312b6b2aa14428ccd16156da
SHA256: 45d0c2ec2ede02e8b8ef535346a4e7e06fd52ba27995a15a5f1a0b11e305d4f7
Tags: exe
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "nffplp.com", "Username": "airlet@nffplp.com", "Password": "$Nke%8XIIDtm"}
Source; Rule; Description; Author; Strings
00000003.00000002.4599301189.0000000002E01000.00000004.00000800.00020000.00000000.sdmp; JoeSecurity_AgentTesla_1; Yara detected AgentTesla; Joe Security
00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp; JoeSecurity_CredentialStealer; Yara detected Credential Stealer; Joe Security
00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp; JoeSecurity_AgentTesla_1; Yara detected AgentTesla; Joe Security
00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp; JoeSecurity_CredentialStealer; Yara detected Credential Stealer; Joe Security
00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp; JoeSecurity_AgentTesla_1; Yara detected AgentTesla; Joe Security

Source; Rule; Description; Author; Strings
3.2.SOA Payment for June 30th.exe.400000.0.unpack; JoeSecurity_CredentialStealer; Yara detected Credential Stealer; Joe Security
3.2.SOA Payment for June 30th.exe.400000.0.unpack; JoeSecurity_GenericDownloader_1; Yara detected Generic Downloader; Joe Security
3.2.SOA Payment for June 30th.exe.400000.0.unpack; JoeSecurity_AgentTesla_1; Yara detected AgentTesla; Joe Security
3.2.SOA Payment for June 30th.exe.400000.0.unpack; INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID; Detects executables referencing Windows vault credential objects. Observed in infostealers; ditekSHen
  • 0x340ef:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x34161:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x341eb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x3427d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x342e7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x34359:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x343ef:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3447f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.SOA Payment for June 30th.exe.47c6078.6.unpack; JoeSecurity_CredentialStealer; Yara detected Credential Stealer; Joe Security

System Summary

Source: Network Connection; Author: frack113; Data: DestinationIp: 163.44.198.71, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\SOA Payment for June 30th.exe, Initiated: true, ProcessId: 6408, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49715
No Snort rule has matched

AV Detection

Source: 3.2.SOA Payment for June 30th.exe.400000.0.unpack; Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "nffplp.com", "Username": "airlet@nffplp.com", "Password": "$Nke%8XIIDtm"}
Source: SOA Payment for June 30th.exe; ReversingLabs: Detection: 31%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: SOA Payment for June 30th.exe; Joe Sandbox ML: detected
Source: SOA Payment for June 30th.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SOA Payment for June 30th.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: dhSR.pdbSHA256 source: SOA Payment for June 30th.exe
Source: Binary string: dhSR.pdb source: SOA Payment for June 30th.exe

Networking

Source: Yara match; File source: 3.2.SOA Payment for June 30th.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.SOA Payment for June 30th.exe.4801698.7.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, type: UNPACKEDPE
Source: global traffic; TCP traffic: 192.168.2.5:49715 -> 163.44.198.71:587
Source: global traffic; HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Source: Joe Sandbox View; IP Address: 208.95.112.1
Source: Joe Sandbox View; ASN Name: TUT-ASUS
Source: Joe Sandbox View; ASN Name: GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG
Source: unknown; DNS query: name: ip-api.com
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: ip-api.com
Source: global traffic; DNS traffic detected: DNS query: nffplp.com

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, POq2Ux.cs; .Net Code: mDt2FXita0Y
Source: 0.2.SOA Payment for June 30th.exe.4801698.7.raw.unpack, POq2Ux.cs; .Net Code: mDt2FXita0Y
Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe; Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\SOA Payment for June 30th.exe

System Summary

Source: 3.2.SOA Payment for June 30th.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.SOA Payment for June 30th.exe.4801698.7.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.SOA Payment for June 30th.exe.4801698.7.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers; Author: ditekSHen
Source: 0.2.SOA Payment for June 30th.exe.6f70000.8.raw.unpack, -Module-.cs; Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Source: 0.2.SOA Payment for June 30th.exe.2dcb678.3.raw.unpack, -Module-.cs; Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
Source: initial sample; Static PE information: Filename: SOA Payment for June 30th.exe
Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe; Process Stats: CPU usage > 49%
Source: SOA Payment for June 30th.exe, 00000000.00000002.2152768594.0000000000F1E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilename46da3e76-ea11-4ef3-9ed6-348209ad609f.exe4 vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameTyrone.dll8 vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000000.00000000.2142054703.000000000096C000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenamedhSR.exeD vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000000.00000002.2154408706.0000000002D61000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilename46da3e76-ea11-4ef3-9ed6-348209ad609f.exe4 vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000000.00000002.2162363719.0000000006F70000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameRT.dll. vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000000.00000002.2163081890.000000000E820000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameTyrone.dll8 vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000000.00000002.2154408706.0000000002D7F000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameRT.dll. vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000003.00000002.4597741905.0000000000F39000.00000004.00000010.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe, 00000003.00000002.4597596271.000000000043E000.00000040.00000400.00020000.00000000.sdmp; Binary or memory string: OriginalFilename46da3e76-ea11-4ef3-9ed6-348209ad609f.exe4 vs SOA Payment for June 30th.exe
Source: SOA Payment for June 30th.exe; Binary or memory string: OriginalFilenamedhSR.exeD vs SOA Payment for June 30th.exe
Source: 3.2.SOA Payment for June 30th.exe.400000.0.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SOA Payment for June 30th.exe.4801698.7.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SOA Payment for June 30th.exe.4801698.7.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, type: UNPACKEDPE; Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: SOA Payment for June 30th.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, ZTFEpdjP8zw.cs; Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, WnRNxU.cs; Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, 2njIk.cs; Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, I5ElxL.cs; Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, QQSiOsa4hPS.cs; Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, FdHU4eb83Z7.cs; Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, 3VzYbXLJt4.cs; Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SOA Payment for June 30th.exe.e820000.11.raw.unpack, PgU4rjWHipooK17TjE.cs; Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.SOA Payment for June 30th.exe.e820000.11.raw.unpack, PgU4rjWHipooK17TjE.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SOA Payment for June 30th.exe.e820000.11.raw.unpack, XNSlb6B08qHNUtpO6P.cs; Security API names: _0020.SetAccessControl
Source: 0.2.SOA Payment for June 30th.exe.e820000.11.raw.unpack, XNSlb6B08qHNUtpO6P.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SOA Payment for June 30th.exe.e820000.11.raw.unpack, XNSlb6B08qHNUtpO6P.cs; Security API names: _0020.AddAccessRule
Source: 0.2.SOA Payment for June 30th.exe.49488f0.5.raw.unpack, PgU4rjWHipooK17TjE.cs; Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.SOA Payment for June 30th.exe.49488f0.5.raw.unpack, PgU4rjWHipooK17TjE.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SOA Payment for June 30th.exe.49488f0.5.raw.unpack, XNSlb6B08qHNUtpO6P.cs; Security API names: _0020.SetAccessControl
Source: 0.2.SOA Payment for June 30th.exe.49488f0.5.raw.unpack, XNSlb6B08qHNUtpO6P.cs; Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SOA Payment for June 30th.exe.49488f0.5.raw.unpack, XNSlb6B08qHNUtpO6P.cs; Security API names: _0020.AddAccessRule
Source: 0.2.SOA Payment for June 30th.exe.2d7710c.0.raw.unpack, ReactionVessel.cs; Suspicious method names: .ReactionVessel.Inject
Source: 0.2.SOA Payment for June 30th.exe.2e1496c.4.raw.unpack, ReactionVessel.cs; Suspicious method names: .ReactionVessel.Inject
Source: 0.2.SOA Payment for June 30th.exe.6ff0000.10.raw.unpack, ReactionVessel.cs; Suspicious method names: .ReactionVessel.Inject
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@3/2
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SOA Payment for June 30th.exe.log
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Mutant created: NULL
                    Source: SOA Payment for June 30th.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: SOA Payment for June 30th.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: SOA Payment for June 30th.exe ReversingLabs: Detection: 31%
                    Source: unknown Process created: C:\Users\user\Desktop\SOA Payment for June 30th.exe "C:\Users\user\Desktop\SOA Payment for June 30th.exe"
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Process created: C:\Users\user\Desktop\SOA Payment for June 30th.exe "C:\Users\user\Desktop\SOA Payment for June 30th.exe"
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Process created: C:\Users\user\Desktop\SOA Payment for June 30th.exe "C:\Users\user\Desktop\SOA Payment for June 30th.exe"
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: apphelp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: dwrite.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: textshaping.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: gpapi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: mscoree.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: kernel.appcore.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: version.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: uxtheme.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: windows.storage.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: wldp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: profapi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: cryptsp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: rsaenh.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: wbemcomn.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: amsi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: userenv.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: sspicli.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: rasapi32.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: rasman.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: rtutils.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: mswsock.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: winhttp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: iphlpapi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: dhcpcsvc.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: dnsapi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: winnsi.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: rasadhlp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: fwpuclnt.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: vaultcli.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: wintypes.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: secur32.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: schannel.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: mskeyprotect.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: ntasn1.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: ncrypt.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: ncryptsslp.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Section loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                    Source: SOA Payment for June 30th.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: SOA Payment for June 30th.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: SOA Payment for June 30th.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: dhSR.pdbSHA256 source: SOA Payment for June 30th.exe
                    Source: Binary string: dhSR.pdb source: SOA Payment for June 30th.exe

                    Data Obfuscation

                    Source: SOA Payment for June 30th.exe, MainForm.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SOA Payment for June 30th.exe.e820000.11.raw.unpack, XNSlb6B08qHNUtpO6P.cs .Net Code: ltg2Lg3a4G System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SOA Payment for June 30th.exe.6f70000.8.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SOA Payment for June 30th.exe.6f70000.8.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SOA Payment for June 30th.exe.49488f0.5.raw.unpack, XNSlb6B08qHNUtpO6P.cs .Net Code: ltg2Lg3a4G System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SOA Payment for June 30th.exe.2dcb678.3.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.SOA Payment for June 30th.exe.2dcb678.3.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
                    Source: SOA Payment for June 30th.exe Static PE information: 0xFDB78393 [Thu Nov 20 22:13:39 2104 UTC]
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 0_2_058B8359 push 8BBCEB50h; ret 0_2_058B835F
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 0_2_070794DF push ecx; ret 0_2_070794E0
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 0_2_070704E5 push edi; ret 0_2_070704E6
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 0_2_07078F85 push edi; ret 0_2_07078F8D
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 0_2_07073EE5 push ds; retn 6BA9h 0_2_07073EFF
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 0_2_0707D9DF push dword ptr [edx+ebp*2-75h]; iretd 0_2_0707D9EF
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 3_2_070511B0 push es; ret 3_2_070511C0
                    Source: SOA Payment for June 30th.exe Static PE information: section name: .text entropy: 7.547057220379541
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Process information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: SOA Payment for June 30th.exe PID: 1576, type: MEMORYSTR
                    Source: global traffic HTTP traffic detected: GET /line/?fields=hosting HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: SOA Payment for June 30th.exe, 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp, SOA Payment for June 30th.exe, 00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, SOA Payment for June 30th.exe, 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 1080000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 2D60000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 2B00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 9080000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: A080000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: A290000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: B290000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: B6A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: C6A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: D6A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: E8A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: F8A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 108A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 118A0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 2B70000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 2D80000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: 2BD0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Window / User API: threadDelayed 7157
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Window / User API: threadDelayed 2667
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe TID: 2696 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe TID: 5528 Thread sleep count: 31 > 30
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe TID: 5528 Thread sleep time: -28592453314249787s >= -30000s
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe TID: 4208 Thread sleep count: 7157 > 30
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe TID: 4208 Thread sleep count: 2667 > 30
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe TID: 5528 Thread sleep count: 38 > 30
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: SOA Payment for June 30th.exe, 00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: SOA Payment for June 30th.exe, 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: vmware
                    Source: SOA Payment for June 30th.exe, 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: VMwareVBox
                    Source: SOA Payment for June 30th.exe, 00000003.00000002.4597811398.000000000105F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Process information queried: ProcessInformation

                    Anti Debugging

                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Code function: 3_2_02BB70B0 CheckRemoteDebuggerPresent,3_2_02BB70B0
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Process queried: DebugPort
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Memory written: C:\Users\user\Desktop\SOA Payment for June 30th.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Process created: C:\Users\user\Desktop\SOA Payment for June 30th.exe "C:\Users\user\Desktop\SOA Payment for June 30th.exe"
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Queries volume information: C:\Users\user\Desktop\SOA Payment for June 30th.exe VolumeInformation
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    Source: Yara match, File source: 3.2.SOA Payment for June 30th.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.47c6078.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.4801698.7.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.4801698.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000003.00000002.4599301189.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: SOA Payment for June 30th.exe PID: 1576, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: SOA Payment for June 30th.exe PID: 6408, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\FTP Navigator\Ftplist.txt
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\Desktop\SOA Payment for June 30th.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara match, File source: 3.2.SOA Payment for June 30th.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.47c6078.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.4801698.7.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.4801698.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: SOA Payment for June 30th.exe PID: 1576, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: SOA Payment for June 30th.exe PID: 6408, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara match, File source: 3.2.SOA Payment for June 30th.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.47c6078.6.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.4801698.7.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.4801698.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 0.2.SOA Payment for June 30th.exe.47c6078.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000003.00000002.4599301189.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: SOA Payment for June 30th.exe PID: 1576, type: MEMORYSTR
                    Source: Yara match, File source: Process Memory Space: SOA Payment for June 30th.exe PID: 6408, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 231 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 34 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | 1 Credentials in Registry | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 531 Security Software Discovery | Distributed Component Object Model | 21 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 Process Discovery | SSH | Keylogging | 12 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 261 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 261 Virtualization/Sandbox Evasion | Proc Filesystem | 1 System Network Configuration Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 111 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

                    Source | Detection | Scanner | Label | Link
                    SOA Payment for June 30th.exe | 32% | ReversingLabs | Win32.Trojan.Malgent |
                    SOA Payment for June 30th.exe | 100% | Joe Sandbox ML | |
                    No Antivirus matches
                    No Antivirus matches
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    https://sectigo.com/CPS0 | 0% | URL Reputation | safe |
                    https://account.dyn.com/ | 0% | URL Reputation | safe |
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
                    http://ip-api.com/line/?fields=hosting | 0% | URL Reputation | safe |
                    http://ip-api.com | 0% | URL Reputation | safe |
                    http://nffplp.com | 0% | Avira URL Cloud | safe |
                    http://tempuri.org/DataSet1.xsd | 0% | Avira URL Cloud | safe |
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    ip-api.com | 208.95.112.1 | true | true | | unknown
                    nffplp.com | 163.44.198.71 | true | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    http://ip-api.com/line/?fields=hosting | false | URL Reputation: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    http://nffplp.com | SOA Payment for June 30th.exe, 00000003.00000002.4599301189.0000000002DE4000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    https://sectigo.com/CPS0 | SOA Payment for June 30th.exe, 00000003.00000002.4597811398.0000000001021000.00000004.00000020.00020000.00000000.sdmp, SOA Payment for June 30th.exe, 00000003.00000002.4597811398.000000000102F000.00000004.00000020.00020000.00000000.sdmp, SOA Payment for June 30th.exe, 00000003.00000002.4599301189.0000000002DE4000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://account.dyn.com/ | SOA Payment for June 30th.exe, 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp, SOA Payment for June 30th.exe, 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | SOA Payment for June 30th.exe, 00000003.00000002.4599301189.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://tempuri.org/DataSet1.xsd | SOA Payment for June 30th.exe | false | Avira URL Cloud: safe | unknown
                    http://ip-api.com | SOA Payment for June 30th.exe, 00000003.00000002.4599301189.0000000002D81000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                        208.95.112.1 | ip-api.com | United States | | 53334 | TUT-ASUS | true
                        163.44.198.71 | nffplp.com | Singapore | | 135161 | GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG | true
                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1467838
                        Start date and time:2024-07-04 21:37:07 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 8m 46s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:6
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:SOA Payment for June 30th.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@3/1@3/2
                        EGA Information:
                        • Successful, ratio: 100%
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 180
                        • Number of non-executed functions: 29
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        • VT rate limit hit for: SOA Payment for June 30th.exe
                        Time | Type | Description
                        15:38:07 | API Interceptor | 12645473x Sleep call for process: SOA Payment for June 30th.exe modified
                        Match | Associated Sample Name / URL | Detection | Threat Name | Context
                        208.95.112.1 | SecuriteInfo.com.Win32.MalwareX-gen.20684.5190.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                         | bL1WCnC18s.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                         | A1YOFV1abV.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                         | main.ps1 | malicious | Unknown | ip-api.com/json
                         | main.ps1 | malicious | Unknown | ip-api.com/json
                         | Orden.xlam.xlsx | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                         | 20240704-455.exe | malicious | GuLoader | ip-api.com/line/?fields=hosting
                         | McrflHf6vg.exe | malicious | WhiteSnake Stealer | ip-api.com/line?fields=query,country
                         | Order List Pdf.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                         | datos bancarios y c#U00f3digo swift incorrecto009.pdf.exe | malicious | AgentTesla | ip-api.com/line/?fields=hosting
                        163.44.198.71 | US00061Q0904081THBKK.exe | malicious | AgentTesla |
                         | SecuriteInfo.com.Win32.PWSX-gen.17036.7156.exe | malicious | AgentTesla |
                         | SecuriteInfo.com.Win32.PWSX-gen.25669.202.exe | malicious | AgentTesla, PureLog Stealer |
                         | Commercial_Inv_and_PList.exe | malicious | AgentTesla |
                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                nffplp.com | US00061Q0904081THBKK.exe | malicious | AgentTesla | 163.44.198.71
                                 | SecuriteInfo.com.Win32.PWSX-gen.17036.7156.exe | malicious | AgentTesla | 163.44.198.71
                                 | SecuriteInfo.com.Win32.PWSX-gen.25669.202.exe | malicious | AgentTesla, PureLog Stealer | 163.44.198.71
                                 | Commercial_Inv_and_PList.exe | malicious | AgentTesla | 163.44.198.71
                                ip-api.com | SecuriteInfo.com.Win32.MalwareX-gen.20684.5190.exe | malicious | AgentTesla | 208.95.112.1
                                 | bL1WCnC18s.exe | malicious | AgentTesla | 208.95.112.1
                                 | A1YOFV1abV.exe | malicious | AgentTesla | 208.95.112.1
                                 | main.ps1 | malicious | Unknown | 208.95.112.1
                                 | main.ps1 | malicious | Unknown | 208.95.112.1
                                 | Orden.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
                                 | 20240704-455.exe | malicious | GuLoader | 208.95.112.1
                                 | McrflHf6vg.exe | malicious | WhiteSnake Stealer | 208.95.112.1
                                 | Order List Pdf.exe | malicious | AgentTesla | 208.95.112.1
                                 | datos bancarios y c#U00f3digo swift incorrecto009.pdf.exe | malicious | AgentTesla | 208.95.112.1
                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                GMO-Z-COM-THGMO-ZcomNetDesignHoldingsCoLtdSG | US00061Q0904081THBKK.exe | malicious | AgentTesla | 163.44.198.71
                                 | http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/securityauthentication.html?onlinebanking.mtb.com/Login/MTBSignOn?security+authentication | malicious | Unknown | 163.44.198.51
                                 | http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/secq.html?onlinebanking.mtb.com/Login/MTBSignOn | malicious | Unknown | 163.44.198.51
                                 | http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/authenticate.html?onlinebanking.mtb.com/Login/MTBSignOn | malicious | Unknown | 163.44.198.51
                                 | http://46814880-10-20181030130048.webstarterz.com/tedsplay.com/onlinebankingmtb/ | malicious | Unknown | 163.44.198.51
                                 | https://cpanel12wh.bkk1.cloud.z.com/~cp318430/app/browser/account.php | malicious | HTMLPhisher | 163.44.198.61
                                 | Facture_160087511.html | malicious | ScreenConnect Tool | 163.44.198.43
                                 | SecuriteInfo.com.Win32.PWSX-gen.17036.7156.exe | malicious | AgentTesla | 163.44.198.71
                                 | SecuriteInfo.com.Win32.PWSX-gen.25669.202.exe | malicious | AgentTesla, PureLog Stealer | 163.44.198.71
                                 | Commercial_Inv_and_PList.exe | malicious | AgentTesla | 163.44.198.71
                                TUT-ASUS | SecuriteInfo.com.Win32.MalwareX-gen.20684.5190.exe | malicious | AgentTesla | 208.95.112.1
                                 | bL1WCnC18s.exe | malicious | AgentTesla | 208.95.112.1
                                 | A1YOFV1abV.exe | malicious | AgentTesla | 208.95.112.1
                                 | main.ps1 | malicious | Unknown | 208.95.112.1
                                 | main.ps1 | malicious | Unknown | 208.95.112.1
                                 | Orden.xlam.xlsx | malicious | AgentTesla | 208.95.112.1
                                 | 20240704-455.exe | malicious | GuLoader | 208.95.112.1
                                 | McrflHf6vg.exe | malicious | WhiteSnake Stealer | 208.95.112.1
                                 | Order List Pdf.exe | malicious | AgentTesla | 208.95.112.1
                                 | datos bancarios y c#U00f3digo swift incorrecto009.pdf.exe | malicious | AgentTesla | 208.95.112.1
                                No context
                                No context
                                Process:C:\Users\user\Desktop\SOA Payment for June 30th.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1216
                                Entropy (8bit):5.34331486778365
                                Encrypted:false
                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                Malicious:true
                                Reputation:high, very likely benign file
                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):7.539501455291849
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                • DOS Executable Generic (2002/1) 0.01%
                                File name:SOA Payment for June 30th.exe
                                File size:825'344 bytes
                                MD5:63128eeca6e0dabeddfd68c0517d4c91
                                SHA1:eb43eb41464d255d312b6b2aa14428ccd16156da
                                SHA256:45d0c2ec2ede02e8b8ef535346a4e7e06fd52ba27995a15a5f1a0b11e305d4f7
                                SHA512:73fabc52ee53b8ab3e70006c058ad6718b00cdc8259eccb7e545e7223d1cff7f84d670788484b6fdb59ef4930162d0ccbe83f2af4f1ab9fdc3d0577e9a767547
                                SSDEEP:12288:dLYjofC1PHG1ub2dwZEWBMlQrpNO4904kZwB2JYoUev4y1VJznHhtbKOVDyTVoy:+1m1utZqi9gI0qB2JYofQOznHhhKGy
                                TLSH:8C05F08532A88BC5EC694BF9F824D1F40360AC5A5C20D37B2DC1FECB3AB17615635A5B
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. ....................................@................................
                                Icon Hash:00928e8e8686b000
                                Entrypoint:0x4cadd2
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0xFDB78393 [Thu Nov 20 22:13:39 2104 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcad7f | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcc000 | 0x5bc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xce000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc8348 | 0x70 | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xc8dd8 | 0xc8e00 | cbce5f7c1d4b8cfcb4aca8145cb4a3a0 | False | 0.8521069928438083 | data | 7.547057220379541 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xcc000 | 0x5bc | 0x600 | ee48b54efa6d37dd8787e6899992e0c0 | False | 0.4212239583333333 | data | 4.109832418641144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xce000 | 0xc | 0x200 | c3cda794d8cef9429caa754c2f79663a | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0xcc090 | 0x32c | data | | | 0.42610837438423643 |
| RT_MANIFEST | 0xcc3cc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |


| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 4, 2024 21:38:09.762804985 CEST | 62241 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jul 4, 2024 21:38:09.772793055 CEST | 53 | 62241 | 1.1.1.1 | 192.168.2.5 |
| Jul 4, 2024 21:38:11.093286037 CEST | 65001 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jul 4, 2024 21:38:12.094188929 CEST | 65001 | 53 | 192.168.2.5 | 1.1.1.1 |
| Jul 4, 2024 21:38:12.239953041 CEST | 53 | 65001 | 1.1.1.1 | 192.168.2.5 |
| Jul 4, 2024 21:38:12.243968964 CEST | 53 | 65001 | 1.1.1.1 | 192.168.2.5 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jul 4, 2024 21:38:09.762804985 CEST | 192.168.2.5 | 1.1.1.1 | 0xe583 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false |
| Jul 4, 2024 21:38:11.093286037 CEST | 192.168.2.5 | 1.1.1.1 | 0x209a | Standard query (0) | nffplp.com | A (IP address) | IN (0x0001) | false |
| Jul 4, 2024 21:38:12.094188929 CEST | 192.168.2.5 | 1.1.1.1 | 0x209a | Standard query (0) | nffplp.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jul 4, 2024 21:38:09.772793055 CEST | 1.1.1.1 | 192.168.2.5 | 0xe583 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
| Jul 4, 2024 21:38:12.239953041 CEST | 1.1.1.1 | 192.168.2.5 | 0x209a | No error (0) | nffplp.com | | 163.44.198.71 | A (IP address) | IN (0x0001) | false |
| Jul 4, 2024 21:38:12.243968964 CEST | 1.1.1.1 | 192.168.2.5 | 0x209a | No error (0) | nffplp.com | | 163.44.198.71 | A (IP address) | IN (0x0001) | false |

                                • ip-api.com

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49713 | 208.95.112.1 | 80 | 6408 | C:\Users\user\Desktop\SOA Payment for June 30th.exe |

Timestamp: Jul 4, 2024 21:38:09.787770033 CEST
Bytes transferred: 80
Direction: OUT
Data:
GET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive

Timestamp: Jul 4, 2024 21:38:10.282705069 CEST
Bytes transferred: 175
Direction: IN
Data:
HTTP/1.1 200 OK
Date: Thu, 04 Jul 2024 19:38:09 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Raw: 66 61 6c 73 65 0a
Data Ascii: false


Timestamp: Jul 4, 2024 21:38:13.947277069 CEST
Source Port: 587
Dest Port: 49715
Source IP: 163.44.198.71
Dest IP: 192.168.2.5
Commands:
220-cpanel16wh.bkk1.cloud.z.com ESMTP Exim 4.96.2 #2 Fri, 05 Jul 2024 02:38:13 +0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.

Timestamp: Jul 4, 2024 21:38:13.947480917 CEST
Source Port: 49715
Dest Port: 587
Source IP: 192.168.2.5
Dest IP: 163.44.198.71
Commands:
EHLO 414408

Timestamp: Jul 4, 2024 21:38:14.291934967 CEST
Source Port: 587
Dest Port: 49715
Source IP: 163.44.198.71
Dest IP: 192.168.2.5
Commands:
250-cpanel16wh.bkk1.cloud.z.com Hello 414408 [8.46.123.33]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-PIPECONNECT
250-STARTTLS
250 HELP

Timestamp: Jul 4, 2024 21:38:14.292078018 CEST
Source Port: 49715
Dest Port: 587
Source IP: 192.168.2.5
Dest IP: 163.44.198.71
Commands:
STARTTLS

Timestamp: Jul 4, 2024 21:38:14.638628006 CEST
Source Port: 587
Dest Port: 49715
Source IP: 163.44.198.71
Dest IP: 192.168.2.5
Commands:
220 TLS go ahead

                                Target ID:0
                                Start time:15:38:07
                                Start date:04/07/2024
                                Path:C:\Users\user\Desktop\SOA Payment for June 30th.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\SOA Payment for June 30th.exe"
                                Imagebase:0x8a0000
                                File size:825'344 bytes
                                MD5 hash:63128EECA6E0DABEDDFD68C0517D4C91
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2155363540.000000000473E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:true

                                Target ID:3
                                Start time:15:38:08
                                Start date:04/07/2024
                                Path:C:\Users\user\Desktop\SOA Payment for June 30th.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\SOA Payment for June 30th.exe"
                                Imagebase:0xab0000
                                File size:825'344 bytes
                                MD5 hash:63128EECA6E0DABEDDFD68C0517D4C91
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.4599301189.0000000002E01000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.4599301189.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.4597596271.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:false


                                  Execution Graph

                                  Execution Coverage:8.9%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:361
                                  Total number of Limit Nodes:27

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: !Y3E$Tecq$Tecq$$cq$$cq$$cq$$cq
                                  • API String ID: 0-815790169
                                  • Opcode ID: f132a1c53dc34de5e53fe65234ecbbe07d40fb1de7d301241ca5174a2cd3d991
                                  • Instruction ID: 2c90a47b2712f992ec220eb870f62870ea0d108dd87ed70b0c9aaf257ab9c9ed
                                  • Opcode Fuzzy Hash: f132a1c53dc34de5e53fe65234ecbbe07d40fb1de7d301241ca5174a2cd3d991
                                  • Instruction Fuzzy Hash: FDA19374B102098FDB54DF78D954BAE7BEBBB88301F25842AE906DB394DEB4DC418B41

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  • Opcode ID: 565058accfbe76148a242a4b2bbe7f29fedf3b7c6157e7d6c100257f1ce5706c
                                  • Instruction ID: 487c815ac7d5400dff085e74cbacd4241b5ef1d3c550605e9d8b5c457eb5a7c6
                                  • Opcode Fuzzy Hash: 565058accfbe76148a242a4b2bbe7f29fedf3b7c6157e7d6c100257f1ce5706c
                                  • Instruction Fuzzy Hash: 59D18175B00205CFE754CF68C895A9ABBFABB88301F15846AE905EB395CEB4DC41CF51

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  • Opcode ID: 664263b4dd25f004e43720ae66d47245eff63f2f63f181b00e324a1f463aec21
                                  • Instruction ID: a344bf1ceb0ef3c42ad1d9137105247011662326cd2afc6630be336097b82d6a
                                  • Opcode Fuzzy Hash: 664263b4dd25f004e43720ae66d47245eff63f2f63f181b00e324a1f463aec21
                                  • Instruction Fuzzy Hash: 93D1A175B102048FE744CF68C895BAA7BFBBB88300F15846AE906EB395CEB4DC018F41

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  • Opcode ID: 5b9873ca1f950704d1a92099fb0fa6b79b52d5d326a23a7a82e4a2d82714070f
                                  • Instruction ID: 26c25759c02efadd497b1ce38cf0c1746838f4016a9ccf042d41d714686ac4ef
                                  • Opcode Fuzzy Hash: 5b9873ca1f950704d1a92099fb0fa6b79b52d5d326a23a7a82e4a2d82714070f
                                  • Instruction Fuzzy Hash: 6DD19075B00205CFEB54CF68C895BAA7BFABB88301F15846AE905EB395DEB5DC018F41

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  • Opcode ID: 5b71832835c04e96898bebf742c79511bd57f7e93fa381c0f7da454a407d55f3
                                  • Instruction ID: 2f378b0bbed70f09c6b519605d965828cf7d727cb9edfd578ba4344c4edc2944
                                  • Opcode Fuzzy Hash: 5b71832835c04e96898bebf742c79511bd57f7e93fa381c0f7da454a407d55f3
                                  • Instruction Fuzzy Hash: F2D1A175B00205CFE744CF68C895BAA7BFABB88311F15846AE905EB395CEB49C41CF41

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  • Opcode ID: 34fde868f049e21501669d12c1c50683810c4fc5f7559aac045a4cdcba1c0a18
                                  • Instruction ID: 5a78dd113349a8683158ed2086481bf04e9639176dfade341fb2bc63b022881c
                                  • Opcode Fuzzy Hash: 34fde868f049e21501669d12c1c50683810c4fc5f7559aac045a4cdcba1c0a18
                                  • Instruction Fuzzy Hash: 34D1B375B101059FEB44CF68C895BAA7BFBBB88300F15846AE906EB395DEB4DC018F41

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  • Opcode ID: 5949dd1e91c955307260d742c378daede7357a4c425fc3b03607737b7a9685b6
                                  • Instruction ID: c1e459bb4caa04050b9e3a2ddda61398f79f69e0a72f6ea57ae8576f6fd6c79a
                                  • Opcode Fuzzy Hash: 5949dd1e91c955307260d742c378daede7357a4c425fc3b03607737b7a9685b6
                                  • Instruction Fuzzy Hash: CCD1A275B002059FDB44CF68C895BAEBBBBBB88300F15446AE906EB395DEB49D41CF41

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq$Tecq$$cq$$cq
                                  • API String ID: 0-3466483747
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq
                                  • API String ID: 0-2695052418
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: T(z
                                  • API String ID: 0-3184255237
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: T(z
                                  • API String ID: 0-3184255237
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 0133D2FE
                                  • GetCurrentThread.KERNEL32 ref: 0133D33B
                                  • GetCurrentProcess.KERNEL32 ref: 0133D378
                                  • GetCurrentThreadId.KERNEL32 ref: 0133D3D1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0

                                  Control-flow Graph

                                  control_flow_graph 410 133d280-133d30f GetCurrentProcess 414 133d311-133d317 410->414 415 133d318-133d34c GetCurrentThread 410->415 414->415 416 133d355-133d389 GetCurrentProcess 415->416 417 133d34e-133d354 415->417 418 133d392-133d3ad call 133d450 416->418 419 133d38b-133d391 416->419 417->416 423 133d3b3-133d3e2 GetCurrentThreadId 418->423 419->418 424 133d3e4-133d3ea 423->424 425 133d3eb-133d44d 423->425 424->425
                                  APIs
                                  • GetCurrentProcess.KERNEL32 ref: 0133D2FE
                                  • GetCurrentThread.KERNEL32 ref: 0133D33B
                                  • GetCurrentProcess.KERNEL32 ref: 0133D378
                                  • GetCurrentThreadId.KERNEL32 ref: 0133D3D1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: Current$ProcessThread
                                  • String ID:
                                  • API String ID: 2063062207-0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq
                                  • API String ID: 0-2695052418
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq
                                  • API String ID: 0-2695052418
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07077B56
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  APIs
                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07077B56
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CreateProcess
                                  • String ID:
                                  • API String ID: 963392458-0
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0133B23E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 052F1E02
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2161036198.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_52f0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 052F1E02
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2161036198.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_52f0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  APIs
                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 052F4381
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2161036198.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_52f0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CallProcWindow
                                  • String ID:
                                  • API String ID: 2714655100-0
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 013359C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  APIs
                                  • CreateActCtxA.KERNEL32(?), ref: 013359C9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07077328
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  APIs
                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07077328
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: MemoryProcessWrite
                                  • String ID:
                                  • API String ID: 3559483778-0
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07077408
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0707717E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0133D54F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  APIs
                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07077408
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: MemoryProcessRead
                                  • String ID:
                                  • API String ID: 1726664587-0
                                  APIs
                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0707717E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ContextThreadWow64
                                  • String ID:
                                  • API String ID: 983334009-0
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0133D54F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07077246
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0133B2B9,00000800,00000000,00000000), ref: 0133B4CA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0133B2B9,00000800,00000000,00000000), ref: 0133B4CA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  APIs
                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07077246
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0707C911,?,?), ref: 0707CAB8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0707C911,?,?), ref: 0707CAB8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0707C911,?,?), ref: 0707CAB8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ResumeThread
                                  • String ID:
                                  • API String ID: 947044025-0
                                  APIs
                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0707C911,?,?), ref: 0707CAB8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: ChangeCloseFindNotification
                                  • String ID:
                                  • API String ID: 2591292051-0
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07079E85
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  APIs
                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 07079E85
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162634051.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7070000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: MessagePost
                                  • String ID:
                                  • API String ID: 410705778-0
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0133B23E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0133B2B9,00000800,00000000,00000000), ref: 0133B4CA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153505804.0000000001330000.00000040.00000800.00020000.00000000.sdmp, Offset: 01330000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1330000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Tecq
                                  • API String ID: 0-1122318316
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: "
                                  • API String ID: 0-123907689
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d42ba95718fc1969cc733d2877dbb7606fa49f56e57c6212ca5ef3c30cc3bb48
                                  • Instruction ID: 5df93cb787f9c5aabc3e83e433b6bf5131588345c54385b6044989055367535a
                                  • Opcode Fuzzy Hash: d42ba95718fc1969cc733d2877dbb7606fa49f56e57c6212ca5ef3c30cc3bb48
                                  • Instruction Fuzzy Hash: 87214734615A409FE711CF6AE896D6A7FB8FB46300B144446EC52CB711EA75FC06CF15
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2153018465.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_103d000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                  • Instruction ID: 17fe14c9ac63fbf3cd0b4461454bfd9616813a6ec2c1f8b944fdb21316acc3d3
                                  • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                                  • Instruction Fuzzy Hash: 8511BB75904280DFDB02CF54D5C4B15BBA1FB84224F24C6A9D8894B696C33AD41ACB61
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a5c7ca33d833b6bb274cae3e4768c924736983012c067c67167163d8f2e607a6
                                  • Instruction ID: 2ff00ca9110e553cfa268dcd9e3c143e988236b379bf6c31db74553bc86a80b9
                                  • Opcode Fuzzy Hash: a5c7ca33d833b6bb274cae3e4768c924736983012c067c67167163d8f2e607a6
                                  • Instruction Fuzzy Hash: BB118D74D4924EDBEB00CFA8C4849EDBBBABB09218F10541AEE5AFB341D3B55D41CB24
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1103325f80ea4bcc63bb387625a7820928b47cfb1f55b32317dea78a64cda2a0
                                  • Instruction ID: 159c543826d4df86c2c7464361500dd84a0263cd0a1d409cef5a6fe10f00ae5c
                                  • Opcode Fuzzy Hash: 1103325f80ea4bcc63bb387625a7820928b47cfb1f55b32317dea78a64cda2a0
                                  • Instruction Fuzzy Hash: 5111EC71904208DFEB15CFAAC4447DABFF5BF49365F24C169E8189B350C6B44985CF94
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e48476598809c513589640981d74a0e7439526241f85b6cd76ec82663b22adb4
                                  • Instruction ID: 45e1b896d04a5b85f7a6fe785f4967fcdcaa5d900f8135cd49b05cc80d764c7e
                                  • Opcode Fuzzy Hash: e48476598809c513589640981d74a0e7439526241f85b6cd76ec82663b22adb4
                                  • Instruction Fuzzy Hash: 57014F343596849FE315CB25C849F927BA6BF46710F1990D9E5068F2B2D761EC40CB05
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 98dc4bb8f5dc30a5604239691680cfd538d65ce34453c360c559bd47031005a5
                                  • Instruction ID: c7792088149836801f814d198cd4ad3c3da2f936197da2c45988d97d35ba2450
                                  • Opcode Fuzzy Hash: 98dc4bb8f5dc30a5604239691680cfd538d65ce34453c360c559bd47031005a5
                                  • Instruction Fuzzy Hash: D0014C3075A6849FE315DB29C855B627BA6BF87700F6A80D6E506CF3B2DA65DC01CB02
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53909c9d7e8feedb7a01908ca08a33318b9e1a0aecfa2ff7fe8f6736a36ed91d
                                  • Instruction ID: cda57d23d77a9dec421a352b3a1bb6d3a9bde636758da5834e0e2db7a5307c92
                                  • Opcode Fuzzy Hash: 53909c9d7e8feedb7a01908ca08a33318b9e1a0aecfa2ff7fe8f6736a36ed91d
                                  • Instruction Fuzzy Hash: 31016432B086059BD308DF5B9A81542BBAFFFC420031AC037990CC7252EB709C19C291
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2152993211.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_102d000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fe251a0112a0e84673ff9e07dc759d5b4dec84e5cf602ae671729a4b4844942c
                                  • Instruction ID: 74614e361d04800248fce31f5a8776e75f4f92a8461d86ea76e706e70340e741
                                  • Opcode Fuzzy Hash: fe251a0112a0e84673ff9e07dc759d5b4dec84e5cf602ae671729a4b4844942c
                                  • Instruction Fuzzy Hash: 9001D6711053909AE7508AA9DCC4B6BFFE8FF41724F18C85AED894A286D37D9C44CBB1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1a62dc31deb00c723ac6e15a0e03d1e047bd082f762d880e24179bc27dcecffd
                                  • Instruction ID: 6787b71322430543247f1f1fca731a82a874676fb04bf6254fb14a6069e242da
                                  • Opcode Fuzzy Hash: 1a62dc31deb00c723ac6e15a0e03d1e047bd082f762d880e24179bc27dcecffd
                                  • Instruction Fuzzy Hash: 52017C39A10218CBD7189B36D4554AABFBBFF88721B00456EE90687350DF71A811DB91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3869043d02ba8718a556991f156421fa0b7241453accc3bc8317cfc85adde031
                                  • Instruction ID: 6dd737b7bfb2136c456a82803e583d3887291ddd73da207ac99190aef2d19dc5
                                  • Opcode Fuzzy Hash: 3869043d02ba8718a556991f156421fa0b7241453accc3bc8317cfc85adde031
                                  • Instruction Fuzzy Hash: 1F018F72D0D3869FDB42EBB898045DEBFF8AF06211F1840B7C588D6252E3358919CB96
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d44ec3daab92df5f69418fcc4271a76795b1046e376799c2fded814d14f571ad
                                  • Instruction ID: fece0b35c4cc096b3d76604aa7554aef43daab443e95d427c9fd5144f0955de4
                                  • Opcode Fuzzy Hash: d44ec3daab92df5f69418fcc4271a76795b1046e376799c2fded814d14f571ad
                                  • Instruction Fuzzy Hash: 13F0FF72B08519A7A708DE6B9A81553FAAFFBC8250314C53BA909C2350EFB0AD11C6D1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bc6872b2a6f7f41d61062c64dc08ee91635c32c0d7bf4a50a07a5334c146929b
                                  • Instruction ID: 558e18d7c9e68acdf4bf47ded33fe4929bfd63e3ddd91e2dca1b485d08797bfc
                                  • Opcode Fuzzy Hash: bc6872b2a6f7f41d61062c64dc08ee91635c32c0d7bf4a50a07a5334c146929b
                                  • Instruction Fuzzy Hash: 2C01C970900208EFEB14CF9AC4487DABEF5BB48361F24C169E818AB390C7B48985CF94
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6b26dec91a3fc580b99535c31fa63d246dba7aef22625e452eb1e899c6728c4e
                                  • Instruction ID: 714d938d4cd2754cae1eab707f3bc8353ea076d7f28f05bc4b297a0cee611e4d
                                  • Opcode Fuzzy Hash: 6b26dec91a3fc580b99535c31fa63d246dba7aef22625e452eb1e899c6728c4e
                                  • Instruction Fuzzy Hash: 0D0128357001058FC740DA38E844A5A3BDFEBC9356F004475F60ACB368CE71AC538752
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 97c38e75c8a7327b9670643420d8c2f0ec54e873366cb254916b1354a4ddc156
                                  • Instruction ID: 1f3ed5a311f1ad5ef6cded5d3687019fb425bd4ee9745318566d34e9b526b7e1
                                  • Opcode Fuzzy Hash: 97c38e75c8a7327b9670643420d8c2f0ec54e873366cb254916b1354a4ddc156
                                  • Instruction Fuzzy Hash: FFF04C357001058FC740DA38E444A693BDBEBC9356F004475F60ACB368CF71AC538752
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cddc831ab9aff13db12bc1450f0519ca97117fe62cd07cca8dcafcef345c4827
                                  • Instruction ID: b8cc1b4f2a1b9f1ee6d8e0e2df0cea60dab9aaeacd8789193d6c54885a80bf26
                                  • Opcode Fuzzy Hash: cddc831ab9aff13db12bc1450f0519ca97117fe62cd07cca8dcafcef345c4827
                                  • Instruction Fuzzy Hash: 2C014C7080421ADFEB21DFA9C8043EEBBF5BF04314F208216E865EB2A0D7B44D41CB91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e59b40976632ed5fb7430c3eab058d900df85f6912f015d9015af87c15128bc2
                                  • Instruction ID: 48b6af7c8c10e1ce2d8600ee6919ab836a874d5d5c87461e6edd6433bac4d520
                                  • Opcode Fuzzy Hash: e59b40976632ed5fb7430c3eab058d900df85f6912f015d9015af87c15128bc2
                                  • Instruction Fuzzy Hash: ACF04930D0E249DFD7128BA4C8045FEBFBAAB46310F04455AE996E7351CBF41D00CBA2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2152993211.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_102d000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a6e553f1e9e1dee346de12e6546bfbf03114c34e1c3b7eeffcabc7700ae36641
                                  • Instruction ID: b0f68a2a88ca53f525939537f7dd9c2db83843f4b20fd6d37ecf34bbf601a852
                                  • Opcode Fuzzy Hash: a6e553f1e9e1dee346de12e6546bfbf03114c34e1c3b7eeffcabc7700ae36641
                                  • Instruction Fuzzy Hash: A6F0C2714043809EE7108A0ADC84B62FFE8EF40724F18C49AED484B286C3799C44CBB0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 03e9f759fab96c970baf4caf4e267a4e9ffd77b9df5b6baab6c01430ae2f9c6c
                                  • Instruction ID: 92c05839d2fdbac08a8f4fbd69a767d5b49b9fc5bbea418d937a55b0ee3063df
                                  • Opcode Fuzzy Hash: 03e9f759fab96c970baf4caf4e267a4e9ffd77b9df5b6baab6c01430ae2f9c6c
                                  • Instruction Fuzzy Hash: 02F09A32605218AFEF08EBA8DC059DEBFBAEB04220F04C16AE508D7210E671E9008795
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e584c95b1960d62c2c9c8082d4930a05002d71e2823c7234f4b14484329bfec7
                                  • Instruction ID: f0018d7f224abb4def89c93c193a6044b7314a5137a59fdace1e92d1a59dc861
                                  • Opcode Fuzzy Hash: e584c95b1960d62c2c9c8082d4930a05002d71e2823c7234f4b14484329bfec7
                                  • Instruction Fuzzy Hash: 83F03AB2B082286FD3049A6A9898D67BBE9FF8D26171581BAE548C7351D9349C0087A4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: daa3b9bb18bddd99ccd98bd2942029877bfafc0fcbbc03668f58e1d5b5fb40d8
                                  • Instruction ID: 5c13435116392ecd43a0d37cabe1cb1fec5fb6cc265262d6cd8343f164f9efd8
                                  • Opcode Fuzzy Hash: daa3b9bb18bddd99ccd98bd2942029877bfafc0fcbbc03668f58e1d5b5fb40d8
                                  • Instruction Fuzzy Hash: 31F02BB174075257D3198A2A5C1066BFBDFEBC4251B06C82BE54BC7254EA7099124A90
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e899281e3f9aebcc7c23651a5f815fdf57332952dc07bfe9f0e05e9fc3199d71
                                  • Instruction ID: 1211f1814893c8c1e940477ca45c000a29781689609a50989dc92aab236e58d4
                                  • Opcode Fuzzy Hash: e899281e3f9aebcc7c23651a5f815fdf57332952dc07bfe9f0e05e9fc3199d71
                                  • Instruction Fuzzy Hash: 0E01DA7080421ADFEB14DF95C4047EE7AF5BB44350F108625E825EB2A0D7B44E44CB95
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 53bce5e85e8fa911e16809556e162b9411c6758940df91f9dba2445090ca7ab3
                                  • Instruction ID: 15eda2cc9111741c2271fa717f20482730d163982055fb83ae556ed7bf28a1a3
                                  • Opcode Fuzzy Hash: 53bce5e85e8fa911e16809556e162b9411c6758940df91f9dba2445090ca7ab3
                                  • Instruction Fuzzy Hash: 67F0A7357001145B9B5496BDA01882E37EFABC96563554477E90ECB364DDB0DC028B91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8478ee3828951573c8e490df4d2dac16014b5e9fd0ea46ffa443160341b37173
                                  • Instruction ID: 2013970614608120436866a0cab92dd8f5f6b8bfc8b0f90c07dd29f64b934b99
                                  • Opcode Fuzzy Hash: 8478ee3828951573c8e490df4d2dac16014b5e9fd0ea46ffa443160341b37173
                                  • Instruction Fuzzy Hash: A9F0273131075647D3189A2B980086BFBEFFBC5250705C83BE50BC7310DE70E90286E0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b86e6176e9c32212d632c4361001b29205ed887e7a36d48470615e251ed7c904
                                  • Instruction ID: 216a25596292f104bcf075e013e41cfbc57b0002d26e44f71c5f230029cedd2b
                                  • Opcode Fuzzy Hash: b86e6176e9c32212d632c4361001b29205ed887e7a36d48470615e251ed7c904
                                  • Instruction Fuzzy Hash: 78E03972B041286F93049A6EEC84C6BBBEDFBCD660311807AE508C7350D9319C0086A0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: df5269ab6cd9e46ef04daada8c123648506785d8811bfcad3de56a4a6e8f6c70
                                  • Instruction ID: f52a956e7ce4f90c8e5f145f562b3fdc0f8a900615d89bfda20f659e96e579b2
                                  • Opcode Fuzzy Hash: df5269ab6cd9e46ef04daada8c123648506785d8811bfcad3de56a4a6e8f6c70
                                  • Instruction Fuzzy Hash: 98F02E75F105148BE7098A7689115AD7EBBAFC8350F05413BE401D7394EEB05C1487C0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b7beebd0143ecb605525fef736d0a0f40e78f4d8d8bdc568d306297699e41b8d
                                  • Instruction ID: 573199567cde8b7d15792f1c1d3189ee2c1e73a39cfaec1c5a76505e0b83dd1d
                                  • Opcode Fuzzy Hash: b7beebd0143ecb605525fef736d0a0f40e78f4d8d8bdc568d306297699e41b8d
                                  • Instruction Fuzzy Hash: 44E0D8B6B046105BD30897A65C05B6BBBDAAFC8721B05C05AA409D77C4DD706C018AD0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2162249858.00000000058B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_58b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 918ffdc4c42933e96bc62bcbc9429659be0eec2a29cffde79f3fca0cff03d093
                                  • Instruction ID: e560d93deddfc0855bad947773bd48b5fed605c1a978264aaa49d5fe71b22dfc
                                  • Opcode Fuzzy Hash: f9f851111587c460cad148981ed7ef726a588af9eb88b1b2fdd0653b8537c543
                                  • Instruction Fuzzy Hash: 7E41BF35A1070A8FD760CA69C8889AABBF6EBC5314F14882AE41ACB764D674E941CF41

                                  Execution Graph

                                  Execution Coverage:9.1%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:1.8%
                                  Total number of Nodes:166
                                  Total number of Limit Nodes:23

                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  APIs
                                  • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02BB7127
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4599135742.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 128 6a1b738-6a1b75a 129 6a1b75c-6a1b75f 128->129 130 6a1b761-6a1b76a 129->130 131 6a1b775-6a1b778 129->131 132 6a1b770 130->132 133 6a1ba06-6a1ba0f 130->133 134 6a1b788-6a1b78b 131->134 135 6a1b77a-6a1b783 131->135 132->131 138 6a1bae3-6a1bb1e 133->138 139 6a1ba15-6a1ba1c 133->139 136 6a1b795-6a1b798 134->136 137 6a1b78d-6a1b792 134->137 135->134 140 6a1ba7f-6a1ba80 136->140 141 6a1b79e-6a1b7a1 136->141 137->136 151 6a1bb20-6a1bb23 138->151 142 6a1ba21-6a1ba24 139->142 146 6a1ba85-6a1ba88 140->146 143 6a1b7a3-6a1b800 call 6a16688 141->143 144 6a1b805-6a1b808 141->144 147 6a1ba47-6a1ba4a 142->147 148 6a1ba26-6a1ba42 142->148 143->144 149 6a1b80a-6a1b80e 144->149 150 6a1b81f-6a1b822 144->150 152 6a1ba98-6a1ba9b 146->152 153 6a1ba8a-6a1ba93 146->153 147->130 154 6a1ba50-6a1ba53 147->154 148->147 149->138 157 6a1b814-6a1b81a 149->157 159 6a1b824-6a1b828 150->159 160 6a1b839-6a1b83c 150->160 161 6a1bb25-6a1bb41 151->161 162 6a1bb46-6a1bb49 151->162 163 6a1baa1-6a1baa4 152->163 164 6a1b96f-6a1b972 152->164 153->152 155 6a1ba55-6a1ba59 154->155 156 6a1ba7a-6a1ba7d 154->156 155->138 166 6a1ba5f-6a1ba6f 155->166 156->140 156->146 157->150 159->138 170 6a1b82e-6a1b834 159->170 171 6a1b87b-6a1b87e 160->171 172 6a1b83e-6a1b853 160->172 161->162 175 6a1bdb5-6a1bdb7 162->175 176 6a1bb4f-6a1bb77 162->176 173 6a1bac6-6a1bac8 163->173 174 6a1baa6-6a1bac1 163->174 167 6a1b8c7-6a1b8ca 164->167 168 6a1b978 164->168 200 6a1ba75 166->200 201 6a1b98f-6a1b993 166->201 167->138 184 6a1b8d0-6a1b8d7 167->184 182 6a1b97d-6a1b980 168->182 170->160 171->140 181 6a1b884-6a1b887 171->181 172->138 199 6a1b859-6a1b876 172->199 177 6a1baca 173->177 178 6a1bacf-6a1bad2 173->178 174->173 185 6a1bdb9 175->185 186 6a1bdbe-6a1bdc1 175->186 238 6a1bb81-6a1bbc5 176->238 239 6a1bb79-6a1bb7c 176->239 177->178 178->129 187 6a1bad8-6a1bae2 178->187 190 6a1b899-6a1b89c 181->190 191 6a1b889 181->191 193 6a1b982-6a1b985 182->193 194 6a1b98a-6a1b98d 182->194 196 
6a1b8dc-6a1b8df 184->196 185->186 186->151 197 6a1bdc7-6a1bdd0 186->197 203 6a1b8ac-6a1b8af 190->203 204 6a1b89e-6a1b8a7 190->204 212 6a1b891-6a1b894 191->212 193->194 194->201 202 6a1b9b4-6a1b9b7 194->202 206 6a1b8e1-6a1b8e8 196->206 207 6a1b8f3-6a1b8f6 196->207 199->171 200->156 201->138 213 6a1b999-6a1b9a9 201->213 216 6a1b9c1-6a1b9c4 202->216 217 6a1b9b9-6a1b9bc 202->217 214 6a1b8b1-6a1b8bd 203->214 215 6a1b8c2-6a1b8c5 203->215 204->203 206->153 208 6a1b8ee 206->208 209 6a1b934-6a1b937 207->209 210 6a1b8f8-6a1b90d 207->210 208->207 219 6a1b947-6a1b94a 209->219 220 6a1b939-6a1b942 209->220 210->138 235 6a1b913-6a1b92f 210->235 212->190 213->140 240 6a1b9af 213->240 214->215 215->167 215->196 223 6a1b9c6-6a1b9ca 216->223 224 6a1b9db-6a1b9de 216->224 217->216 228 6a1b951-6a1b954 219->228 229 6a1b94c-6a1b94e 219->229 220->219 223->138 233 6a1b9d0-6a1b9d6 223->233 225 6a1ba01-6a1ba04 224->225 226 6a1b9e0-6a1b9e4 224->226 225->133 225->142 226->138 234 6a1b9ea-6a1b9fa 226->234 236 6a1b961-6a1b964 228->236 237 6a1b956-6a1b95c 228->237 229->228 233->224 234->155 247 6a1b9fc 234->247 235->209 236->140 242 6a1b96a-6a1b96d 236->242 237->236 251 6a1bbcb-6a1bbd4 238->251 252 6a1bdaa-6a1bdb4 238->252 239->197 240->202 242->164 242->182 247->225 253 6a1bda0-6a1bda5 251->253 254 6a1bbda-6a1bc46 call 6a16688 251->254 253->252 262 6a1bd40-6a1bd55 254->262 263 6a1bc4c-6a1bc51 254->263 262->253 264 6a1bc53-6a1bc59 263->264 265 6a1bc6d 263->265 267 6a1bc5b-6a1bc5d 264->267 268 6a1bc5f-6a1bc61 264->268 269 6a1bc6f-6a1bc75 265->269 270 6a1bc6b 267->270 268->270 271 6a1bc77-6a1bc7d 269->271 272 6a1bc8a-6a1bc97 269->272 270->269 273 6a1bc83 271->273 274 6a1bd2b-6a1bd3a 271->274 279 6a1bc99-6a1bc9f 272->279 280 6a1bcaf-6a1bcbc 272->280 273->272 275 6a1bcf2-6a1bcff 273->275 276 6a1bcbe-6a1bccb 273->276 274->262 274->263 287 6a1bd01-6a1bd07 275->287 288 6a1bd17-6a1bd24 275->288 285 6a1bce3-6a1bcf0 276->285 286 6a1bccd-6a1bcd3 276->286 282 6a1bca1 279->282 283 6a1bca3-6a1bca5 279->283 
280->274 282->280 283->280 285->274 290 6a1bcd5 286->290 291 6a1bcd7-6a1bcd9 286->291 292 6a1bd09 287->292 293 6a1bd0b-6a1bd0d 287->293 288->274 290->285 291->285 292->288 293->288
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq$$cq$$cq$$cq$$cq
                                  • API String ID: 0-2877684506
                                  • Opcode ID: f493a382b8c8e056643bc09fd8fce6f4a2907a1b0c90f7007a7a8a27ca63b787
                                  • Instruction ID: 26d4d45bd5ec6a99fda6949c8843f8ae096ff048ee6d3dfdc7f9d94be666bc97
                                  • Opcode Fuzzy Hash: f493a382b8c8e056643bc09fd8fce6f4a2907a1b0c90f7007a7a8a27ca63b787
                                  • Instruction Fuzzy Hash: 4F026D70E1020A8FDBA4EB68D5807ADB7F2EB85310F24896AD415DF355DB35EC41CBA1

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 296 6a19240-6a19265 297 6a19267-6a1926a 296->297 298 6a19270-6a19285 297->298 299 6a19b28-6a19b2b 297->299 307 6a19287-6a1928d 298->307 308 6a1929d-6a192b3 298->308 300 6a19b51-6a19b53 299->300 301 6a19b2d-6a19b4c 299->301 302 6a19b55 300->302 303 6a19b5a-6a19b5d 300->303 301->300 302->303 303->297 306 6a19b63-6a19b6d 303->306 309 6a19291-6a19293 307->309 310 6a1928f 307->310 313 6a192be-6a192c0 308->313 309->308 310->308 314 6a192c2-6a192c8 313->314 315 6a192d8-6a19349 313->315 316 6a192ca 314->316 317 6a192cc-6a192ce 314->317 326 6a19375-6a19391 315->326 327 6a1934b-6a1936e 315->327 316->315 317->315 332 6a19393-6a193b6 326->332 333 6a193bd-6a193d8 326->333 327->326 332->333 338 6a19403-6a1941e 333->338 339 6a193da-6a193fc 333->339 344 6a19420-6a1943c 338->344 345 6a19443-6a19451 338->345 339->338 344->345 346 6a19461-6a194db 345->346 347 6a19453-6a1945c 345->347 353 6a19528-6a1953d 346->353 354 6a194dd-6a194fb 346->354 347->306 353->299 358 6a19517-6a19526 354->358 359 6a194fd-6a1950c 354->359 358->353 358->354 359->358
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq$$cq$$cq
                                  • API String ID: 0-2876200767
                                  • Opcode ID: e279ef8d7d9a4fbee5c56d78448501914e4ab9d64352d4c5434f7d084c148dc6
                                  • Instruction ID: ecc2fb71cd6c7f3acd1a0289d77fc07f7c5ef9825207f7d49eed4b81e72a7a69
                                  • Opcode Fuzzy Hash: e279ef8d7d9a4fbee5c56d78448501914e4ab9d64352d4c5434f7d084c148dc6
                                  • Instruction Fuzzy Hash: 91915D71F1061A8FDB55EB68D9607AFB7F6AF85300F108569D809EF384EA309C46CB91

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq$$cq
                                  • API String ID: 0-2085107096
                                  • Opcode ID: af2ca425399e04ee7cb877620e88a26ad41b932436d9dc8c62dfc778553e9bd2
                                  • Instruction ID: 7c87a49bcd85a41e975c5fa69c512dcacc33fa40fc128c9071c6cef2124eacdb
                                  • Opcode Fuzzy Hash: af2ca425399e04ee7cb877620e88a26ad41b932436d9dc8c62dfc778553e9bd2
                                  • Instruction Fuzzy Hash: D6622C31A102068FCB55EF68D990A5EB7B3FF84304B608A68E4469F359DB75FD46CB80

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: fhq$XPhq$\Ohq
                                  • API String ID: 0-1165799323
                                  • Opcode ID: 4a878bbe289be53eeb6286e41f91428cdfeb52c7a608ab1d73f7668f159ca071
                                  • Instruction ID: b4113d3c0d21f4417b6441faf83d54a9887ece6c50b573f795833e5d8050ed91
                                  • Opcode Fuzzy Hash: 4a878bbe289be53eeb6286e41f91428cdfeb52c7a608ab1d73f7668f159ca071
                                  • Instruction Fuzzy Hash: CD615170F002199FDB54AFA9C8147AEBAF6FF88700F20842AD106AB395DB758C058F95

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq
                                  • API String ID: 0-2695052418
                                  • Opcode ID: 1e900143dea0123559c600ff73949cbee3150491cedbaa545ccea186aa3c1d26
                                  • Instruction ID: 2aa2c27da2d638eb8d031459f34ad8caf2a80da7ff8271e49182cb3f07870d5c
                                  • Opcode Fuzzy Hash: 1e900143dea0123559c600ff73949cbee3150491cedbaa545ccea186aa3c1d26
                                  • Instruction Fuzzy Hash: 0D516131F105069FDB55EB78D960BAF77F6AF88600F148569D80ADF388EA309C02CB91

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: fhq$XPhq
                                  • API String ID: 0-3594109931
                                  • Opcode ID: 35c421e48382af517c0564ecef625d18b4631549418de6d7961414dee037e4f1
                                  • Instruction ID: 571d36613ef08a810b3d3c0f806878d711c258e1efcb349148f2be5a3dab7c57
                                  • Opcode Fuzzy Hash: 35c421e48382af517c0564ecef625d18b4631549418de6d7961414dee037e4f1
                                  • Instruction Fuzzy Hash: 54516F70F002199FDB55AFA9C814BAEBAF7EF88700F208529D106AF395DE709C058F91

                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 452bac6f5835fb19cb598c3ed0d0ea925b730fadf5111e3fe0c19c046440ee11
                                  • Instruction ID: aea3011b6a0081741a5f6a45d63fa7c750c2c6d895c146c88a8dcd2ad40c6b10
                                  • Opcode Fuzzy Hash: 452bac6f5835fb19cb598c3ed0d0ea925b730fadf5111e3fe0c19c046440ee11
                                  • Instruction Fuzzy Hash: 76716470A00B05CFDBA4DF6AD54479ABBF6FF88300F109929D48AD7A40DB74E846CB91

                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 069BE4E2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  • Opcode ID: dbdb01f6eea2eca75fdaf6229cee9f4bbbc8b36d68a86791f199f996ffec4249
                                  • Instruction ID: 14534c5484c516c78420834794621bed45103729ff1682ed7499ebc45359f32d
                                  • Opcode Fuzzy Hash: dbdb01f6eea2eca75fdaf6229cee9f4bbbc8b36d68a86791f199f996ffec4249
                                  • Instruction Fuzzy Hash: B86114B1C04349AFCF11CF99C980ADEBFBABF49350F24815AE918AB221D7719845CF91
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4599135742.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2bb0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5a94aee1e36144dd81013628ecb0fa88482bb8d23420a8476b47a35a8f93a241
                                  • Instruction ID: 8f6749270c776e9a26a1fae483a980e67f4820987017999dc1f234192d9f452a
                                  • Opcode Fuzzy Hash: 5a94aee1e36144dd81013628ecb0fa88482bb8d23420a8476b47a35a8f93a241
                                  • Instruction Fuzzy Hash: C3412472E0434A8FCB04DF69D8046EEBBF5AF89310F1585AAE404E7741DB749841CBE1
                                  APIs
                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 069BE4E2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CreateWindow
                                  • String ID:
                                  • API String ID: 716092398-0
                                  • Opcode ID: da11b3f6ff26466c85dfa6e93c9ae98c995bc483941be53cf06ba52cbe634a0d
                                  • Instruction ID: 6549599aaab3262c984f9828f5677ef9695f2a7a0a3f70c9637140c5c375b35a
                                  • Opcode Fuzzy Hash: da11b3f6ff26466c85dfa6e93c9ae98c995bc483941be53cf06ba52cbe634a0d
                                  • Instruction Fuzzy Hash: 9A41CFB1D003099FDF14CF99C984ADEBBF6BF48310F24852AE819AB210D7B4A845CF90
                                  APIs
                                  • CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 02BB7127
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4599135742.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2bb0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: CheckDebuggerPresentRemote
                                  • String ID:
                                  • API String ID: 3662101638-0
                                  • Opcode ID: 8947beb6db962fc7197b9294ab9a2c33d00723471e5cd20f581516d376bfe485
                                  • Instruction ID: f92d2374ffacb1e75f52d1cbad8533c7a759f8b621fda3dbcf8156d8c5eec666
                                  • Opcode Fuzzy Hash: 8947beb6db962fc7197b9294ab9a2c33d00723471e5cd20f581516d376bfe485
                                  • Instruction Fuzzy Hash: 7C2155B2C002598FCB00CF9AD985BEEFBF4AF49310F14846AE459A3250C778A944CFA1
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 069B3F6F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 70642bcb00066b479dc273c38a210a1ad80bc9c555b6f364e1985fdb7d3eaec7
                                  • Instruction ID: 2fe6e6fdbb9ebac1dfbb7486a39890ae5c9c71a200b5ac23a82c148fdb66cd4e
                                  • Opcode Fuzzy Hash: 70642bcb00066b479dc273c38a210a1ad80bc9c555b6f364e1985fdb7d3eaec7
                                  • Instruction Fuzzy Hash: 5E21E5B5D002099FDB10CF99D985ADEBFF9FB48314F14805AE918A3310D378A954DFA1
                                  APIs
                                  • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 069B0163
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: HookWindows
                                  • String ID:
                                  • API String ID: 2559412058-0
                                  • Opcode ID: 754688de59eaaae927fda584f4e0c194c298119f8fa99840feff522a9e2ecd7e
                                  • Instruction ID: ba6e66c552867fff0985220601600a2bffec5e0bc734180e92b6021ed762063d
                                  • Opcode Fuzzy Hash: 754688de59eaaae927fda584f4e0c194c298119f8fa99840feff522a9e2ecd7e
                                  • Instruction Fuzzy Hash: 9C2134B5D002099FCB14CFAAC948BDFFBF9EB88314F14842AE419A7250C774A945CFA1
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 069B3F6F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 5285897d3c56d234b07ec4cbd9512ed10abf7c414f656452af8b747875cf0489
                                  • Instruction ID: 8741210aae43b149be7b0234826900d3bd40ccb0d1ce8fc4b5261349a879c1ec
                                  • Opcode Fuzzy Hash: 5285897d3c56d234b07ec4cbd9512ed10abf7c414f656452af8b747875cf0489
                                  • Instruction Fuzzy Hash: E421E2B5D002099FDB10CFAAD984ADEBFF8FB48310F14801AE918A3310D378A944CFA1
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 069BC6B2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: 76f2a513d6fbf004741096f149f763d010d61cd4b46bd2435ce811149d80e3ff
                                  • Instruction ID: 8f66f4418c9b7128cf4c69415c72479958d6cf26bbda467af4c421c27ec95098
                                  • Opcode Fuzzy Hash: 76f2a513d6fbf004741096f149f763d010d61cd4b46bd2435ce811149d80e3ff
                                  • Instruction Fuzzy Hash: FD1103B6C00349DFDB10CF9AD944ADEFBF9AB88310F10942AD519A7700C375A545CFA5
                                  APIs
                                  • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 069B0163
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: HookWindows
                                  • String ID:
                                  • API String ID: 2559412058-0
                                  • Opcode ID: 964def845b23412a65d3de67d8a53cf530a5c29c20789339a59d7f5ec452a670
                                  • Instruction ID: 341f36186d55f824c7ea18707ad56fda3e29e8cdf4afe2d800560cea299e61b6
                                  • Opcode Fuzzy Hash: 964def845b23412a65d3de67d8a53cf530a5c29c20789339a59d7f5ec452a670
                                  • Instruction Fuzzy Hash: 752113B1D002099FCB14CF9AC944BEEFBF5AB88314F14842AD419A7250C774A944CFA1
                                  APIs
                                  • GlobalMemoryStatusEx.KERNELBASE ref: 02BBF2AF
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4599135742.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_2bb0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: GlobalMemoryStatus
                                  • String ID:
                                  • API String ID: 1890195054-0
                                  • Opcode ID: 973f620b06400591c6168715c7deaf2393a93391c3c75e31c8a88c884ab1ab4d
                                  • Instruction ID: be59ab70eb502a7eda989270ca80c026f727ce7ebe8bfc3ebddf07e6a018bd86
                                  • Opcode Fuzzy Hash: 973f620b06400591c6168715c7deaf2393a93391c3c75e31c8a88c884ab1ab4d
                                  • Instruction Fuzzy Hash: 6E11E7B1C006599BCB10DF9AC5457EEFBF4AF48314F15816AE818A7740D378A944CFE5
                                  APIs
                                  • LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 069BC6B2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  • Opcode ID: d0abd55d8da8ce3b3be779ff1a4bfd71e4483a02fac02776694034460f5a96cb
                                  • Instruction ID: 028cd1a1f1a79dc3f7d4a3168ad0e2551f76f8c46d19b475e40733b8019d2efb
                                  • Opcode Fuzzy Hash: d0abd55d8da8ce3b3be779ff1a4bfd71e4483a02fac02776694034460f5a96cb
                                  • Instruction Fuzzy Hash: 6F11E2B6D00349DFDB10CF9AD948AEEFBF8AB88310F10842AD419A7700C375A545CFA5
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,069BC20C), ref: 069BC446
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4602953528.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_69b0000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: HandleModule
                                  • String ID:
                                  • API String ID: 4139908857-0
                                  • Opcode ID: 687f0741f6cd589ce75db3dc19fddd3ba2ec1f1c05adca05e2049199875cdcd7
                                  • Instruction ID: 742a1cd0ea41376c9b6d7b74c30df398de999e31b636424531a0021641cb4008
                                  • Opcode Fuzzy Hash: 687f0741f6cd589ce75db3dc19fddd3ba2ec1f1c05adca05e2049199875cdcd7
                                  • Instruction Fuzzy Hash: 6B11F0B6C00249CFCB10DF9AD544AEEFBF9EB88214F10846AD859A7610D375A945CFA1
                                  APIs
                                  • OleInitialize.OLE32(00000000), ref: 0705320D
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603512837.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7050000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: Initialize
                                  • String ID:
                                  • API String ID: 2538663250-0
                                  • Opcode ID: a54efec6f504c511a550e8e08d90fd79dc38c08ccb6e0b196404fa4d251af77d
                                  • Instruction ID: 7d8490c0359aebc7dd0796c5041379a281cb1ff96a3985f9e94d6edb3daf48c8
                                  • Opcode Fuzzy Hash: a54efec6f504c511a550e8e08d90fd79dc38c08ccb6e0b196404fa4d251af77d
                                  • Instruction Fuzzy Hash: 0B1103B5D047499FCB20DF9AD449B9EFBF4EB48314F108459D919A7300D374A944CFA5
                                  APIs
                                  • OleInitialize.OLE32(00000000), ref: 0705320D
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603512837.0000000007050000.00000040.00000800.00020000.00000000.sdmp, Offset: 07050000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_7050000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID: Initialize
                                  • String ID:
                                  • API String ID: 2538663250-0
                                  • Opcode ID: c6336a693b3b5cd20c6219c578a80da28147beea47cc06ad568703e2fed4627b
                                  • Instruction ID: db2d1d2fac0cfec4d5f995734fb9e2a66f8a02f0b0edd535d2f60ce18253bc15
                                  • Opcode Fuzzy Hash: c6336a693b3b5cd20c6219c578a80da28147beea47cc06ad568703e2fed4627b
                                  • Instruction Fuzzy Hash: E81112B5D002498FCB10DF9AD489BCEFBF4EB48324F20845AE529A7300C378A944CFA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHcq
                                  • API String ID: 0-4245845256
                                  • Opcode ID: 52c2917fb67f3bd5036a25b3c3c6e32fead5abdaa64b94769f392fe8f2f39dd4
                                  • Instruction ID: 1a4bdd043479007c0a6341d4e5caf3861ecdd3905d65a5edf7926335d82bfa9a
                                  • Opcode Fuzzy Hash: 52c2917fb67f3bd5036a25b3c3c6e32fead5abdaa64b94769f392fe8f2f39dd4
                                  • Instruction Fuzzy Hash: 3F417E70E0020A9FDB54EFB5C95469EBBB2FF85300F204929E506EF284DB74E946CB91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: PHcq
                                  • API String ID: 0-4245845256
                                  • Opcode ID: d07a507d919c4877f547f68e045d4b2a403efb4385ba1a34aea1828745a216cf
                                  • Instruction ID: a110b5a8785ee32ff7adec66d29782b2ca83c48200171cd4b21c770774d2d10b
                                  • Opcode Fuzzy Hash: d07a507d919c4877f547f68e045d4b2a403efb4385ba1a34aea1828745a216cf
                                  • Instruction Fuzzy Hash: 3931FE31B002068FDB59ABB4C51476F7BA7AF88300B644868D40ADF385DE39DE86CB91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: \Ohq
                                  • API String ID: 0-1367279102
                                  • Opcode ID: e81c3a15bedafdf48650f4781524cd23cd1fd24e53f61055ee0b54a7084a63b7
                                  • Instruction ID: 358ff8ced1bd35de870c00836ee1e9abd2782016ae25cf4249937ad49f595eec
                                  • Opcode Fuzzy Hash: e81c3a15bedafdf48650f4781524cd23cd1fd24e53f61055ee0b54a7084a63b7
                                  • Instruction Fuzzy Hash: BEF0B730A50129DFDB54AF94E859BADBBB2FF88711F20052AE402AB294CB745C41CBC0
                                  • Opcode Fuzzy Hash: 45f7dbe3f9805ae33737a99b45a4e2d1b7d1f4b931bc01d4ce8f3bd4a2a1c0b0
                                  • Instruction Fuzzy Hash: 56016971B101105BDF64AA6EA41172BB2EBDBC9B20F20883AF50BCF784DE65DC424791
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1385c8128353c4a192221b3638f658f2f30ae446d13786a1558e04218ec6648f
                                  • Instruction ID: b62254b454f78b510ee20fb4442f3d7a5db443df8a91fe49ffcc2ecec61427dd
                                  • Opcode Fuzzy Hash: 1385c8128353c4a192221b3638f658f2f30ae446d13786a1558e04218ec6648f
                                  • Instruction Fuzzy Hash: 4B01AF71B101155BDB64A77CA45072E72DBEBCA720F208839F90BCF384DE25EC024795
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9f7976cf8211cd535a9c1100296dcf650d3ffba5c19be109508b7b438b0bc217
                                  • Instruction ID: a768f6ab3e8868ee5ee60c605b53146713c84efa1c2ebcd92fb2bffe10f5a08e
                                  • Opcode Fuzzy Hash: 9f7976cf8211cd535a9c1100296dcf650d3ffba5c19be109508b7b438b0bc217
                                  • Instruction Fuzzy Hash: 16018171B215114BDB54FB7CE45472A77DAEB85710F108429E60BCF754DE21ED028780
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq
                                  • API String ID: 0-539408830
                                  • Opcode ID: 5e7ca2870a23c9c0d920b92dd52aaee1a3574ee7b1ddf0c3e255859bb7a8b8fe
                                  • Instruction ID: 89d81adff3d0be4ad21b49654e708981c56b9b20815e8665dec5eb63b45cf559
                                  • Opcode Fuzzy Hash: 5e7ca2870a23c9c0d920b92dd52aaee1a3574ee7b1ddf0c3e255859bb7a8b8fe
                                  • Instruction Fuzzy Hash: 8D120C34E0021A8FDB65EF65D954AAEB7F2BF89300F2095A9D406AB355DB30DD85CF80
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq$$cq$$cq$$cq$$cq$$cq$$cq
                                  • API String ID: 0-3377385791
                                  • Opcode ID: fdc82da1ea58b88b9530a6b16c67b5ccba95eedbd00367510cd8c0d3555e799c
                                  • Instruction ID: 669ca46cb89096cb9e3911e9a19d95c468ab8e0d0a157ffb9079929ca623efc7
                                  • Opcode Fuzzy Hash: fdc82da1ea58b88b9530a6b16c67b5ccba95eedbd00367510cd8c0d3555e799c
                                  • Instruction Fuzzy Hash: 54917C70E022099FDB64FBA5D9547AEBBF2AF84300F208429E9069F395DB749C45CB90
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .5{q$$cq$$cq$$cq$$cq$$cq$$cq
                                  • API String ID: 0-986819311
                                  • Opcode ID: 09045df8ca950f701448cdd4d8882050e1a2f44949348397a5ae1669317005db
                                  • Instruction ID: 76981ec47fc202b0ecaf99b03ea3f6a558cba171232fd6b05219dc2abbabd5a4
                                  • Opcode Fuzzy Hash: 09045df8ca950f701448cdd4d8882050e1a2f44949348397a5ae1669317005db
                                  • Instruction Fuzzy Hash: 4DF12934A102098FDB59FBA4D554A6EBBB3BF88300F648469D4159F398DB35EC82CF80
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $cq$$cq$$cq$$cq
                                  • API String ID: 0-2876200767
                                  • Opcode ID: b7b4e01585a485b31f6240e9819ed042fd96b2d6019e619c3f365525c6c5efe3
                                  • Instruction ID: 6102a9405ea54661a3ba6489b67bef6d8956e02e4b797e0f692f73f3220014e0
                                  • Opcode Fuzzy Hash: b7b4e01585a485b31f6240e9819ed042fd96b2d6019e619c3f365525c6c5efe3
                                  • Instruction Fuzzy Hash: B0B12A70E112198FDB65EF69C5506AEBBB3EF84300F248469D4069F394DB79DC86CB81
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.4603078148.0000000006A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A10000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_6a10000_SOA Payment for June 30th.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LRcq$LRcq$$cq$$cq
                                  • API String ID: 0-2876661331
                                  • Opcode ID: 85a459506648cb2eddf4e4cab3104960925d6f64e3d01e1ea87f8b593039cebb
                                  • Instruction ID: b5be920df0fb043e6b46fca05d8fcd8035be3e8ccbdc2b1efe9aa16723312b77
                                  • Opcode Fuzzy Hash: 85a459506648cb2eddf4e4cab3104960925d6f64e3d01e1ea87f8b593039cebb
                                  • Instruction Fuzzy Hash: 8B51A171B002028FDB54FB68D950A6AB7F6FF85300F25896DE4069F395DA35EC41CB91